Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 17 Apr 2001 13:13:00 -0700
From:      Alfred Perlstein <bright@wintelcom.net>
To:        "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
Cc:        Darren Reed <avalon@coombs.anu.edu.au>, Julian Elischer <julian@elischer.org>, freebsd-security@FreeBSD.ORG, net@FreeBSD.ORG
Subject:   Re: non-random IP IDs
Message-ID:  <20010417131300.L976@fw.wintelcom.net>
In-Reply-To: <200104171737.KAA56704@gndrsh.dnsmgr.net>; from freebsd@gndrsh.dnsmgr.net on Tue, Apr 17, 2001 at 10:37:56AM -0700
References:  <20010417043130.F976@fw.wintelcom.net> <200104171737.KAA56704@gndrsh.dnsmgr.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
* Rodney W. Grimes <freebsd@gndrsh.dnsmgr.net> [010417 10:37] wrote:
> > * Darren Reed <avalon@coombs.anu.edu.au> [010417 04:29] wrote:
> > > In some mail from Julian Elischer, sie said:
> > > > 
> > > > there is a site that calculates server uptime from these numbers.
> > > > All the leading machines are freeBSD. When you do this it will 
> > > > no-longer be able to track us :-(
> > > 
> > > IMHO, extraordinarily large uptimes are nothing to be proud of and
> > > say nothing about the quality of software.
> > > 
> > > I'd almost go so far as to say uptimes greater than 1 year indicate
> > > that the system administration practises need review.
> > 
> > Agreed.  I've yet to hear about any seriously deployed system
> > go without security advisories for over a year.
> 
> Or perhaps this is a very talented system admin who values uptime
> and finds work arounds that don't envolve downing a system that do
> just as good, and sometimes better, than the vendor fix for the
> security issue.
> 
> Security Fix != Reboot required.

Well I was the one that asked Jake if he could provide a system
for patching static functions in the kernel.  If you search the
archives there is a patch for doing this.

It's actually quite reasonable to patch code out from under a running
system.  One can replace the entry opcode of the function with a 
jump to the patched code.  The only time this becomes a problem is
when structures change, however backporting the fix shouldn't be
a problem.

-- 
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
Represent yourself, show up at BABUG http://www.babug.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010417131300.L976>