From owner-freebsd-security  Tue Apr 17 13:13:15 2001
Delivered-To: freebsd-security@freebsd.org
Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20])
	by hub.freebsd.org (Postfix) with ESMTP
	id D94E937B423; Tue, 17 Apr 2001 13:13:09 -0700 (PDT)
	(envelope-from bright@fw.wintelcom.net)
Received: (from bright@localhost)
	by fw.wintelcom.net (8.10.0/8.10.0) id f3HKD0322697;
	Tue, 17 Apr 2001 13:13:00 -0700 (PDT)
Date: Tue, 17 Apr 2001 13:13:00 -0700
From: Alfred Perlstein <bright@wintelcom.net>
To: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
Cc: Darren Reed <avalon@coombs.anu.edu.au>,
	Julian Elischer <julian@elischer.org>, freebsd-security@FreeBSD.ORG,
	net@FreeBSD.ORG
Subject: Re: non-random IP IDs
Message-ID: <20010417131300.L976@fw.wintelcom.net>
References: <20010417043130.F976@fw.wintelcom.net> <200104171737.KAA56704@gndrsh.dnsmgr.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200104171737.KAA56704@gndrsh.dnsmgr.net>; from freebsd@gndrsh.dnsmgr.net on Tue, Apr 17, 2001 at 10:37:56AM -0700
X-all-your-base: are belong to us.
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

* Rodney W. Grimes <freebsd@gndrsh.dnsmgr.net> [010417 10:37] wrote:
> > * Darren Reed <avalon@coombs.anu.edu.au> [010417 04:29] wrote:
> > > In some mail from Julian Elischer, sie said:
> > > > 
> > > > there is a site that calculates server uptime from these numbers.
> > > > All the leading machines are freeBSD. When you do this it will 
> > > > no-longer be able to track us :-(
> > > 
> > > IMHO, extraordinarily large uptimes are nothing to be proud of and
> > > say nothing about the quality of software.
> > > 
> > > I'd almost go so far as to say uptimes greater than 1 year indicate
> > > that the system administration practises need review.
> > 
> > Agreed.  I've yet to hear about any seriously deployed system
> > go without security advisories for over a year.
> 
> Or perhaps this is a very talented system admin who values uptime
> and finds work arounds that don't envolve downing a system that do
> just as good, and sometimes better, than the vendor fix for the
> security issue.
> 
> Security Fix != Reboot required.

Well I was the one that asked Jake if he could provide a system
for patching static functions in the kernel.  If you search the
archives there is a patch for doing this.

It's actually quite reasonable to patch code out from under a running
system.  One can replace the entry opcode of the function with a 
jump to the patched code.  The only time this becomes a problem is
when structures change, however backporting the fix shouldn't be
a problem.

-- 
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
Represent yourself, show up at BABUG http://www.babug.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message