Message-ID: <20210409150621.GJ3762101@tassilo.jf.intel.com>
Date: Fri, 9 Apr 2021 08:06:21 -0700
From: Andi Kleen <ak@...ux.intel.com>
To: John Wood <john.wood@....com>
Cc: Valdis Klētnieks <valdis.kletnieks@...edu>, kernelnewbies@...nelnewbies.org, Kees Cook <keescook@...omium.org>, kernel-hardening@...ts.openwall.com
Subject: Re: Notify special task kill using wait* functions

> > Any caching of state is inherently insecure because any caches of limited
> > size can be always thrashed by a purposeful attacker. I suppose the
> > only thing that would work is to actually write something to the
> > executable itself on disk, but of course that doesn't always work either.
>
> I'm also working on this. In the next version I will try to find a way to
> prevent brute force attacks through the execve system call with more than
> one level of forking.

Thanks.

Thinking more about it, what I wrote above wasn't quite right. The cache would
only need to be as big as the number of attackable services/suid binaries.
Presumably on many production systems that's rather small, so a cache (which
wouldn't actually be a cache, but a complete database) might actually work.

-Andi
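The argument in this message (a size-bounded cache of per-executable fault counters can lose its state under unrelated activity, whereas a complete table keyed by the small set of attackable binaries cannot) as an added simulation; this is illustrative code written for this archive page, not code from the patch series under discussion, and the paths, counters and threshold are constructed for the example.

```python
from collections import OrderedDict

TARGET = "/usr/bin/target-suid"   # constructed: the binary whose crashes we want to count
THRESHOLD = 5                     # constructed: faults before a brute-force mitigation fires


class BoundedFaultCache:
    """LRU table of per-executable fault counters with a fixed capacity."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.entries = OrderedDict()

    def record_fault(self, exe):
        count = self.entries.pop(exe, 0) + 1
        self.entries[exe] = count          # re-insert as most recently used
        if len(self.entries) > self.capacity:
            self.entries.popitem(last=False)   # evict least recently used entry
        return count

    def faults(self, exe):
        return self.entries.get(exe, 0)


class CompleteFaultDatabase:
    """One counter per known attackable binary; entries are never evicted."""

    def __init__(self, tracked_binaries):
        self.entries = {exe: 0 for exe in tracked_binaries}

    def record_fault(self, exe):
        if exe not in self.entries:
            return None                    # not a tracked service/suid binary
        self.entries[exe] += 1
        return self.entries[exe]

    def faults(self, exe):
        return self.entries.get(exe, 0)


# Constructed event stream: four faults of the tracked binary, then eight crashes
# of unrelated short-lived programs, then a fifth fault of the tracked binary.
EVENTS = [TARGET] * 4 + [f"/tmp/noise-{i}" for i in range(8)] + [TARGET]


def compare(events=EVENTS):
    """Return (count seen by the bounded cache, count seen by the complete database)."""
    cache = BoundedFaultCache(capacity=4)
    db = CompleteFaultDatabase([TARGET, "/usr/sbin/sshd"])   # constructed tracked set
    for exe in events:
        cache.record_fault(exe)
        db.record_fault(exe)
    return cache.faults(TARGET), db.faults(TARGET)
```

With the stream above, `compare()` returns `(1, 5)`: the bounded cache has evicted the target's counter before the fifth fault, so it never reaches the threshold, while the complete database does.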