lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Thu, 17 Jan 2019 11:59:04 +0100
From:   Vincent Whitchurch <vincent.whitchurch@...s.com>
To:     Kees Cook <keescook@...omium.org>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        "Luis R. Rodriguez" <mcgrof@...nel.org>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] sysctl: Add panic-fatal-signals

On Wed, Jan 16, 2019 at 09:06:18AM -0800, Kees Cook wrote:
> On Wed, Jan 16, 2019 at 4:54 AM Vincent Whitchurch
> <vincent.whitchurch@...s.com> wrote:
> > Add a sysctl which asks the kernel to panic when any userspace process
> > receives a fatal signal which would trigger a core dump.  This has
> > proven to be quite useful when debugging problems seen during testing of
> > embedded systems:  When combined with kernel core dumps (saved due to
> > the panic), it allows easier debugging of crashes which have their
> > origin in system-wide problems such as buggy drivers or other kernel or
> > hardware-related issues.
> >
> > The crashing process's core dump can be extracted from the kernel core
> > dump using tools such as the crash utility's gcore extension.
> 
> Whoa. That's intense. :)

"Insane" is the word I used myself in an earlier draft of the commit
message. :)

> If you have a use-case for it, then I guess I
> can't complain. Given that this is an instant DoS for a system that
> isn't expecting it, I do wonder if it should live behind a CONFIG or
> something to make it available only when really wanted?

Sure, I can put it behind a "depends on EXPERT" config option.  Distros
and the like should have no reason to provide access to such a sysctl.

Powered by blists - more mailing lists