lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 17 Jan 2019 11:59:04 +0100 From: Vincent Whitchurch <vincent.whitchurch@...s.com> To: Kees Cook <keescook@...omium.org> Cc: Andrew Morton <akpm@...ux-foundation.org>, "Luis R. Rodriguez" <mcgrof@...nel.org>, LKML <linux-kernel@...r.kernel.org> Subject: Re: [PATCH] sysctl: Add panic-fatal-signals On Wed, Jan 16, 2019 at 09:06:18AM -0800, Kees Cook wrote: > On Wed, Jan 16, 2019 at 4:54 AM Vincent Whitchurch > <vincent.whitchurch@...s.com> wrote: > > Add a sysctl which asks the kernel to panic when any userspace process > > receives a fatal signal which would trigger a core dump. This has > > proven to be quite useful when debugging problems seen during testing of > > embedded systems: When combined with kernel core dumps (saved due to > > the panic), it allows easier debugging of crashes which have their > > origin in system-wide problems such as buggy drivers or other kernel or > > hardware-related issues. > > > > The crashing process's core dump can be extracted from the kernel core > > dump using tools such as the crash utility's gcore extension. > > Whoa. That's intense. :) "Insane" is the word I used myself in an earlier draft of the commit message. :) > If you have a use-case for it, then I guess I > can't complain. Given that this is an instant DoS for a system that > isn't expecting it, I do wonder if it should live behind a CONFIG or > something to make it available only when really wanted? Sure, I can put it behind a "depends on EXPERT" config option. Distros and the like should have no reason to provide access to such a sysctl.
Powered by blists - more mailing lists