* [RFC PATCH 1/9] security/fbfam: Add a Kconfig to enable the fbfam feature
@ 2020-09-06 15:21 John Wood
0 siblings, 0 replies; only message in thread
From: John Wood @ 2020-09-06 15:21 UTC (permalink / raw)
To: Matthew Wilcox; +Cc: John Wood
Add a menu entry under "Security options" to enable the "Fork brute
force attack mitigation" feature.
Signed-off-by: John Wood <john.wood@gmx.com>
---
security/Kconfig | 1 +
security/fbfam/Kconfig | 10 ++++++++++
2 files changed, 11 insertions(+)
create mode 100644 security/fbfam/Kconfig
diff --git a/security/Kconfig b/security/Kconfig
index 7561f6f99f1d..00a90e25b8d5 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -290,6 +290,7 @@ config LSM
If unsure, leave this as the default.
source "security/Kconfig.hardening"
+source "security/fbfam/Kconfig"
endmenu
diff --git a/security/fbfam/Kconfig b/security/fbfam/Kconfig
new file mode 100644
index 000000000000..bbe7f6aad369
--- /dev/null
+++ b/security/fbfam/Kconfig
@@ -0,0 +1,10 @@
+# SPDX-License-Identifier: GPL-2.0
+config FBFAM
+ bool "Fork brute force attack mitigation"
+ default n
+ help
+ This is a user defense that detects any fork brute force attack
+ based on the application's crashing rate. When this measure is
+ triggered the fork system call is blocked.
+
+ If you are unsure how to answer this question, answer N.
--
2.25.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2020-09-06 15:31 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-09-06 15:21 [RFC PATCH 1/9] security/fbfam: Add a Kconfig to enable the fbfam feature John Wood
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.