lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Sun, 3 Jul 2011 23:53:06 +0400
From:	Vasiliy Kulikov <segoon@...nwall.com>
To:	Joe Perches <joe@...ches.com>
Cc:	kernel-hardening@...ts.openwall.com,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>,
	"H. Peter Anvin" <hpa@...or.com>, x86@...nel.org,
	Arnd Bergmann <arnd@...db.de>,
	Christoph Lameter <cl@...ux-foundation.org>,
	Pekka Enberg <penberg@...nel.org>,
	Matt Mackall <mpm@...enic.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	linux-kernel@...r.kernel.org, linux-arch@...r.kernel.org,
	linux-mm@...ck.org
Subject: Re: [kernel-hardening] Re: [RFC v1] implement SL*B and stack
 usercopy runtime checks

On Sun, Jul 03, 2011 at 12:37 -0700, Joe Perches wrote:
> On Sun, 2011-07-03 at 23:24 +0400, Vasiliy Kulikov wrote:
> > Btw, if the perfomance will be acceptable, what do you think about
> > logging/reacting on the spotted overflows?
> 
> If you do, it might be useful to track the found location(s)

Sure.


> and only emit the overflow log entry once as found.

Hmm, if consider it as a purely debugging feature, then yes.  But if
consider it as a try to block some exploitation attempt, then no.
I'd appresiate the latter.


> Maybe use __builtin_return_address(depth) for tracking.

PaX/Grsecurity uses dump_stack() and do_group_exit(SIGKILL);  If setup,
it kills all user's processes and locks the user for some time.  I don't
really propose the latter, but some reaction (to at least slowdown a
blind bruteforce) might be useful.


Thanks,

-- 
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists