Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 10 Sep 2020 22:39:04 +0200
From: Jann Horn <>
To: Kees Cook <>, John Wood <>
Cc: Kernel Hardening <>, 
	Matthew Wilcox <>, Jonathan Corbet <>, 
	Alexander Viro <>, Ingo Molnar <>, 
	Peter Zijlstra <>, Juri Lelli <>, 
	Vincent Guittot <>, Dietmar Eggemann <>, 
	Steven Rostedt <>, Ben Segall <>, Mel Gorman <>, 
	Luis Chamberlain <>, Iurii Zaikin <>, James Morris <>, 
	"Serge E. Hallyn" <>,, 
	kernel list <>, 
	linux-fsdevel <>, 
	linux-security-module <>
Subject: Re: [RESEND][RFC PATCH 0/6] Fork brute force attack mitigation (fbfam)

On Thu, Sep 10, 2020 at 10:21 PM Kees Cook <> wrote:
> [kees: re-sending this series on behalf of John Wood <>
> also visible at fbfam]
> The goal of this patch serie is to detect and mitigate a fork brute force
> attack.
> Attacks with the purpose to break ASLR or bypass canaries traditionaly use
> some level of brute force with the help of the fork system call. This is
> possible since when creating a new process using fork its memory contents
> are the same as those of the parent process (the process that called the
> fork system call). So, the attacker can test the memory infinite times to
> find the correct memory values or the correct memory addresses without
> worrying about crashing the application.

For the next version of this patchset, you may want to clarify that
this is intended to stop brute force attacks *against vulnerable
userspace processes* that fork off worker processes. I was halfway
through the patch series before I realized that.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.