Hi, On Fri, 1 May 1998, Simone Castellaneta wrote:
One more question: I've seen, at Suse's ftp, a kernel "patched against syndrop" and also a file called "2.0.33-fragment.diff" that should patch against nestea attacks. To patch my system (kernel 2.0.33), do I have to download the new patched kernel and apply "2.0.33-fragment.diff", or can I apply "2.0.33-fragment.diff" directly to my kernel "linux-2.0.33.pre.SuSE.3" and get patched also against syndrop?
You can just use the patch. It should apply cleanly against almost any 2.0.x kernel because it only alters one single file.
Are Nestea and Syndrop the same thing?
Yes. Initially the attack was called "syndrop" but meanwhile "nestea" seems to be the "official" name.
Last question: is it true that, to compile the kernel successfully, I must log in as root and not log in as a normal user and then "su" in an xterm window?
No. Getting root privileges with "su" is sufficient to compile the kernel. In fact, you could "chown -R <user> /usr/src/linux" and <user> would be able to compile the kernel. You need to be root to activate the new kernel for LILO, of course.
Thanks for your help.
Bye.
P.S.: If I would like to patch "manually" my ip_fragment.c, what should I change? I should look in the original file for line
if (fp->len < 0 || count+fp->len > skb->len)
and replace it with line
if (fp->len < 0 || fp->offset+qp->ihlen+fp->len > skb->len)
then configure and compile the kernel?
Correct. This one line is the correct fix for the nestea attack.
P.S.2: What would happen if, during kernel configuration, I specify a wrong address for a card... say sound card or network card? Will the system lock up at startup, or would it simply ignore the device?
In most (almost all) cases the device simply will not work. There have been rare cases in the past where a wrong address could lead to a system hang, but I didn't see something like that for quite a long time.

Hubert
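
The two versions of the check quoted in the message, compared side by side as an added example (not part of the original message and not the kernel's own code). The `frag` and `queue` structs are simplified stand-ins, the sample values are constructed, and the model assumes each fragment is copied to `ihlen + offset` in the reassembled buffer.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified stand-ins for the fragment and queue records (assumed layout). */
struct frag  { int offset; int len; struct frag *next; };
struct queue { int ihlen; struct frag *fragments; };

/* Check before the fix: compares the running count of bytes accepted so far. */
static int old_check_ok(const struct frag *fp, int count, int skb_len) {
    return !(fp->len < 0 || count + fp->len > skb_len);
}

/* Check after the fix: compares where the fragment's last byte would land. */
static int new_check_ok(const struct queue *qp, const struct frag *fp, int skb_len) {
    return !(fp->len < 0 || fp->offset + qp->ihlen + fp->len > skb_len);
}

/* Index of the first fragment the chosen check rejects, or -1 if all pass. */
static int first_rejected(const struct queue *qp, int skb_len, int use_new) {
    int count = 0, i = 0;
    for (const struct frag *fp = qp->fragments; fp != NULL; fp = fp->next, i++) {
        int ok = use_new ? new_check_ok(qp, fp, skb_len)
                         : old_check_ok(fp, count, skb_len);
        if (!ok) return i;
        count += fp->len;
    }
    return -1;
}

/* Highest buffer position any fragment would be written up to (assumed copy rule). */
static int max_write_end(const struct queue *qp) {
    int end = qp->ihlen;
    for (const struct frag *fp = qp->fragments; fp != NULL; fp = fp->next)
        if (qp->ihlen + fp->offset + fp->len > end)
            end = qp->ihlen + fp->offset + fp->len;
    return end;
}

/* Constructed sample: the lengths add up to less than the buffer size,
   but the second fragment's offset places its data past the end. */
enum { SAMPLE_SKB_LEN = 68 };
static struct frag f1 = { 40, 40, NULL };
static struct frag f0 = { 0, 24, &f1 };
static const struct queue sample = { 20, &f0 };

int main(void) {
    printf("old check rejects: %d\n", first_rejected(&sample, SAMPLE_SKB_LEN, 0));
    printf("new check rejects: %d\n", first_rejected(&sample, SAMPLE_SKB_LEN, 1));
    printf("write end %d vs buffer %d\n", max_write_end(&sample), SAMPLE_SKB_LEN);
    return 0;
}
```

The old check sums lengths only, so it never looks at the offset; the fixed check bounds the actual end position of each fragment.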