Message-ID: <87k0q0l4s8.fsf@meer.lwn.net>
Date: Sun, 21 Mar 2021 12:50:47 -0600
From: Jonathan Corbet <corbet@....net>
To: John Wood <john.wood@....com>, Kees Cook <keescook@...omium.org>,
Jann Horn <jannh@...gle.com>,
Randy Dunlap <rdunlap@...radead.org>,
James Morris <jmorris@...ei.org>, Shuah Khan <shuah@...nel.org>
Cc: John Wood <john.wood@....com>,
"Serge E. Hallyn" <serge@...lyn.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Andi Kleen <ak@...ux.intel.com>,
kernel test robot <oliver.sang@...el.com>,
linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org,
linux-kselftest@...r.kernel.org,
kernel-hardening@...ts.openwall.com
Subject: Re: [PATCH v6 7/8] Documentation: Add documentation for the Brute LSM
John Wood <john.wood@....com> writes:
> Add some info detailing what the Brute LSM is, its motivation, weak
> points of existing implementations, proposed solutions, enabling,
> disabling and self-tests.
>
> Signed-off-by: John Wood <john.wood@....com>
> ---
> Documentation/admin-guide/LSM/Brute.rst | 278 ++++++++++++++++++++++++
> Documentation/admin-guide/LSM/index.rst | 1 +
> security/brute/Kconfig | 3 +-
> 3 files changed, 281 insertions(+), 1 deletion(-)
> create mode 100644 Documentation/admin-guide/LSM/Brute.rst
Thanks for including documentation with the patch!
As you get closer to merging this, though, you'll want to take a minute
(OK, a few minutes) to build the docs and look at the result; there are
a number of places where you're not going to get what you expect. Just
as an example:
[...]
> +Based on the above scenario it would be nice to have this detected and
> +mitigated, and this is the goal of this implementation. Specifically the
> +following attacks are expected to be detected:
> +
> +1.- Launching (fork()/exec()) a setuid/setgid process repeatedly until a
> + desirable memory layout is got (e.g. Stack Clash).
> +2.- Connecting to an exec()ing network daemon (e.g. xinetd) repeatedly until a
> + desirable memory layout is got (e.g. what CTFs do for simple network
> + service).
> +3.- Launching processes without exec() (e.g. Android Zygote) and exposing state
> + to attack a sibling.
> +4.- Connecting to a fork()ing network daemon (e.g. apache) repeatedly until the
> + previously shared memory layout of all the other children is exposed (e.g.
> + kind of related to HeartBleed).
Sphinx will try to recognize your enumerated list, but that may be a bit
more punctuation than it is prepared to deal with; I'd take the hyphens
out, if nothing else.
[...]
> +These statistics are hold by the brute_stats struct.
> +
> +struct brute_cred {
> + kuid_t uid;
> + kgid_t gid;
> + kuid_t suid;
> + kgid_t sgid;
> + kuid_t euid;
> + kgid_t egid;
> + kuid_t fsuid;
> + kgid_t fsgid;
> +};
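Review bot: the introducing sentence says the statistics are held by the brute_stats struct, but the struct that follows is brute_cred; either show struct brute_stats here or introduce brute_cred as the credential snapshot the statistics refer to. "These statistics are hold by" should read "are held by". The struct also has to be a literal block (end the sentence with "::", keep the blank line, and indent every struct line), otherwise Sphinx joins its lines into one paragraph.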
That will certainly not render the way you want. What you need here is
a literal block:
These statistics are hold by the brute_stats struct::

    struct brute_cred {
        kuid_t uid;
        kgid_t gid;
        kuid_t suid;
        kgid_t sgid;
        kuid_t euid;
        kgid_t egid;
        kuid_t fsuid;
        kgid_t fsgid;
    };
The "::" causes all of the indented text following to be formatted
literally.
Thanks,
jon
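A small checker for the two rendering problems raised in this reply (C code pasted as a plain paragraph instead of a literal block, and "1.-" enumerators), written as an added example; it is not part of the Brute LSM patch or of the reply above. It implements only the subset of reStructuredText rules those two problems involve (a paragraph ending in "::" or a code directive followed by an indented block, and "N." enumerators), not the docutils grammar, and the sample document it scans is constructed from the quoted hunks. It is a quick pre-check, not a replacement for building the docs and reading the result.

```python
"""Lint an RST fragment for code pasted as plain paragraphs and for "N.-"
enumerators, and apply the literal-block fix.  Added example, not part of
the Brute LSM patch or the review reply; covers only these two rules."""
import re

# Heuristic for "this paragraph is really C code" (an assumption made for
# this example): a struct/union/enum opener or a closing-brace line.
CODE_OPEN = re.compile(r"^\s*(struct|union|enum)\s+\w+\s*\{\s*$")
CODE_CLOSE = re.compile(r"^\s*\}\s*;?\s*$")
# docutils accepts "1." or "1)" as enumerators, but not "1.-".
BAD_ENUM = re.compile(r"^(\s*\d+)\.-(\s)")
DIRECTIVE = re.compile(r"^\s*\.\.\s+(code|code-block|literalinclude)::")

# Constructed sample, modelled on the quoted hunks (not the patch itself).
SAMPLE = """\
Specifically the following attacks are expected to be detected:

1.- Launching (fork()/exec()) a setuid/setgid process repeatedly until a
    desirable memory layout is obtained (e.g. Stack Clash).
2.- Connecting to an exec()ing network daemon (e.g. xinetd) repeatedly.

These statistics are held by the brute_stats struct.

struct brute_cred {
    kuid_t uid;
    kgid_t gid;
};
"""


def _paragraphs(text):
    """Split text into (first_line_number, [lines]) groups separated by blanks."""
    paras, cur, start = [], [], None
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip():
            if start is None:
                start = n
            cur.append(line)
        elif cur:
            paras.append((start, cur))
            cur, start = [], None
    if cur:
        paras.append((start, cur))
    return paras


def _indent(lines):
    return min(len(ln) - len(ln.lstrip()) for ln in lines)


def _looks_like_code(lines):
    return bool(CODE_OPEN.match(lines[0]) or any(CODE_CLOSE.match(ln) for ln in lines))


def _walk(paras):
    """Yield (idx, start, lines, opens_prev, inside_literal) for each paragraph.

    A paragraph is literal when the previous one ended with '::' (or was a
    code directive) and this one is indented past it, or when it continues
    an already open indented block; literal text is not parsed by docutils."""
    base = None
    for idx, (start, lines) in enumerate(paras):
        prev = paras[idx - 1][1] if idx else None
        opens_prev = bool(prev) and (prev[-1].rstrip().endswith("::")
                                    or bool(DIRECTIVE.match(prev[0])))
        ind = _indent(lines)
        if opens_prev and ind > _indent(prev):
            base = _indent(prev)
        elif base is None or ind <= base:
            base = None
        yield idx, start, lines, opens_prev, base is not None


def lint_rst(text):
    """Return a list of (line_number, message) findings."""
    findings = []
    for _, start, lines, opens_prev, literal in _walk(_paragraphs(text)):
        if literal:
            continue
        for n, line in enumerate(lines, start):
            if BAD_ENUM.match(line):
                findings.append((n, 'enumerator "N.-" is not a list marker; use "N."'))
        if _looks_like_code(lines):
            if opens_prev:
                findings.append((start, "literal block after '::' must be indented"))
            else:
                findings.append((start, "code paragraph is not a literal block: "
                                        "end the preceding paragraph with '::'"))
    return findings


def fix_rst(text):
    """Apply the fixes suggested in the reply and return the new text."""
    paras = [(s, list(ln)) for s, ln in _paragraphs(text)]
    for idx, _, lines, opens_prev, literal in list(_walk(paras)):
        if literal:
            continue
        for i, line in enumerate(lines):
            lines[i] = BAD_ENUM.sub(r"\1.\2", line)
        if _looks_like_code(lines) and idx:
            prev = paras[idx - 1][1]
            if not opens_prev:
                last = prev[-1].rstrip()
                # A "::" after whitespace disappears when rendered; after text
                # one colon is kept, so "text." gets " ::" and "text:" gets ":".
                prev[-1] = last + (":" if last.endswith(":") else
                                   " ::" if last.endswith(".") else "::")
            pad = " " * (_indent(prev) + 4 - _indent(lines))
            lines[:] = [pad + ln for ln in lines]
    return "\n\n".join("\n".join(ln) for _, ln in paras) + "\n"


if __name__ == "__main__":
    for lineno, msg in lint_rst(SAMPLE):
        print(f"line {lineno}: {msg}")
    print(fix_rst(SAMPLE))
```

On the constructed sample, `lint_rst` reports the two "N.-" lines and the unmarked struct paragraph, and `lint_rst(fix_rst(SAMPLE))` is empty. The fix appends "::" to the introducing sentence and indents the struct by four spaces, which is exactly the change shown in the reply; a heuristic this narrow will miss other constructs, so the built HTML still has to be read.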