From: "G.P. de Boer"
To: freebsd-security@freebsd.org
Subject: Re: [Freebsd-security] Re: FreeBSD Security Advisory FreeBSD-SA-04:04.tcp
Date: Wed, 03 Mar 2004 16:04:08 +0100
Message-Id: <1078326248.627.13.camel@edinburgh.thedarkside.tix>
In-Reply-To: <08F3FCD6-6CFB-11D8-AE61-0030654D97EC@patpro.net>
References: <20040302200713.8381924@mail.elvandar.org> <20040302200809.0E98F2B4DA4@mail.evilcoder.org> <19712.213.190.43.52.1078308097.squirrel@webmail.vkt.lt> <08F3FCD6-6CFB-11D8-AE61-0030654D97EC@patpro.net>

On Wed, 2004-03-03 at 11:10, Patrick Proniewski wrote:
> > But as it is said, that you need to patch or cvsup the kernel source,
> > rebuild kernel, and reboot.
> > Is there any way to do such thing without rebooting?
> you might be able to unload a module and load a patched module, but
> when it comes to the kernel, you have no other choice than to reboot
>
> By the way, the process is really fast and painless. I've cvsuped my
> sources and made buildkernel / installkernel last night on my internet
> gateway, and finally rebooted. The reboot was so fast that my computer
> behind this gateway didn't even lose its IRC session.

You -can- patch a run-time kernel by loading a KLD which, with a bit of
magic voodoo, replaces whatever function you want with your own. That
said, the TCP reassembly patch is quite complex compared to other
bugfixes and may well not be as easy to patch this way. If there are new
structures being used, things get quite nasty fast. I agree with Patrick
that a reboot is the safest and really-not-that-sucky way to resolve
this.

-- 
G.P. de Boer