Denial Of Service attack on HTTP server
Denys Vlasenko
vda.linux at googlemail.com
Thu Mar 4 03:56:05 UTC 2010
On Wednesday 03 March 2010 06:11, Ajith Adapa wrote:
> >> Sorry I havent found any specific fixes for this issues and I wanted
> >> to know if any of them seeing this issue got fixed in new busybox
> >> version ?
> >
> > I propose simply building latest 1.15.x or 1.16.0 and trying it.
>
> I cant simply remove the existing busybox code and replace it with
> 1.15.x or 1.16.0 codebase just for httpd.c file.
> But can anyone tell me how to test the latest busybox by building the
> codebase and testing in a standlone linux machine or emulator rather
> than in an embedded device??
You can download 1.15.x, run "make allnoconfig",
editing a few options in .config file to enable httpd (+ CONFIG_STATIC,
CONFIG_CROSS_COMPILER etc), and run "make".
Then you can replace _only_ httpd on the target system with
version 1.15.x, leaving everything else as-is.
It'll take about 15 minutes.
--
vda
More information about the busybox
mailing list