From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.4 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1FFB9C2D0A7 for ; Thu, 10 Sep 2020 20:40:47 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id C92CF20829 for ; Thu, 10 Sep 2020 20:40:46 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="WH2gIvD2" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726518AbgIJUkn (ORCPT ); Thu, 10 Sep 2020 16:40:43 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57642 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727030AbgIJUjh (ORCPT ); Thu, 10 Sep 2020 16:39:37 -0400 Received: from mail-ed1-x543.google.com (mail-ed1-x543.google.com [IPv6:2a00:1450:4864:20::543]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B15B5C0613ED for ; Thu, 10 Sep 2020 13:39:32 -0700 (PDT) Received: by mail-ed1-x543.google.com with SMTP id n22so7734033edt.4 for ; Thu, 10 Sep 2020 13:39:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=QYmngQGxhwrP1IO10+U44hIuDR+Bh29FacWTWPCzifs=; b=WH2gIvD2kocNW47TzoJUq8vy8koxj0ikTiqTurIt6Osqva8P4NIsbGtJVGwywUIjkq xe3qkruoqIuEPaS3xmqhN2h7V3FGdVjN/fZNXtAtjbUs+ii6wOWOxYBwlihrbKA6Dsi2 ZcxxkAAiqBfwAJnSmslWIncB3hpPqqLBsQnucMZPZcNa3susHR1gFRdjKlEQ6Zwl4evT Ngj6/THEyDfAL+bxEhBtLcLnD1Efcq5a03Byz8i2VKTt0P9PSzdVa+iwn8BOcmkqFZjj WKCR+bEgC/b8wFZGdDbKxyU2GcFt1zleojRTJ6mzpqrmZfP30xuKihxrC7oSbqE+O1e4 z6+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=QYmngQGxhwrP1IO10+U44hIuDR+Bh29FacWTWPCzifs=; b=lJtCu1sJpEtCNwfD0as1pPC9kFoODCTuZW01uG/r5GYHl269hcwobpriDxJShWulhX MszPjMaomfVY3/ISOu2AjzeihrNhPn0CKPB9EmupCIJC0qGyfh1bjvfOJyPjNWF5xWR4 b9LAxEXvWZfF0As1GO/rC/b+iBt++3PHVjFIa1G1rKiEsvrpiBIfI8G6uWD2zUggfQoS DP7M9L3iLIjLvIQAqJCDveF0xS3nosJ6oaOABpjRVf3ZZsrGaBflPb/u12adsj8iv2JA 2ivBcbv46AaMIqndw4hekKcuSzWov4rzuWouVsUwjWuXmbXvnKRvSqoeAvZzGOtrAUMp WJRA== X-Gm-Message-State: AOAM533SdfQ3vwTeretcn6n5ltAE1AkQObkRu8ALeQVwIXmqvT5XApIk Da7nxTO/Pli9REqI241hZ2vlf+BqaJQZVLUvbJeFWA== X-Google-Smtp-Source: ABdhPJzQ6i+tHlAxsWiND/QkNM3WvkTC+Ju6Mk1rDHZmgMyEa8UX1fZqVV5xbVt8ItiYrZl+V7nr/bCNAXGD3jgXwtk= X-Received: by 2002:a05:6402:7d2:: with SMTP id u18mr11556708edy.69.1599770370678; Thu, 10 Sep 2020 13:39:30 -0700 (PDT) MIME-Version: 1.0 References: <20200910202107.3799376-1-keescook@chromium.org> In-Reply-To: <20200910202107.3799376-1-keescook@chromium.org> From: Jann Horn Date: Thu, 10 Sep 2020 22:39:04 +0200 Message-ID: Subject: Re: [RESEND][RFC PATCH 0/6] Fork brute force attack mitigation (fbfam) To: Kees Cook , John Wood Cc: Kernel Hardening , Matthew Wilcox , Jonathan Corbet , Alexander Viro , Ingo Molnar , Peter Zijlstra , Juri Lelli , Vincent Guittot , Dietmar Eggemann , Steven Rostedt , Ben Segall , Mel Gorman , Luis Chamberlain , Iurii Zaikin , James Morris , "Serge E. Hallyn" , linux-doc@vger.kernel.org, kernel list , linux-fsdevel , linux-security-module Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Sep 10, 2020 at 10:21 PM Kees Cook wrote: > [kees: re-sending this series on behalf of John Wood > also visible at https://github.com/johwood/linux fbfam] [...] > The goal of this patch serie is to detect and mitigate a fork brute force > attack. > > Attacks with the purpose to break ASLR or bypass canaries traditionaly use > some level of brute force with the help of the fork system call. This is > possible since when creating a new process using fork its memory contents > are the same as those of the parent process (the process that called the > fork system call). So, the attacker can test the memory infinite times to > find the correct memory values or the correct memory addresses without > worrying about crashing the application. For the next version of this patchset, you may want to clarify that this is intended to stop brute force attacks *against vulnerable userspace processes* that fork off worker processes. I was halfway through the patch series before I realized that. From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.4 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id EA4C1C433E2 for ; Thu, 10 Sep 2020 20:39:49 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id 1CBAD20829 for ; Thu, 10 Sep 2020 20:39:48 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="WH2gIvD2" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 1CBAD20829 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-19866-kernel-hardening=archiver.kernel.org@lists.openwall.com Received: (qmail 10133 invoked by uid 550); 10 Sep 2020 20:39:43 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Received: (qmail 10109 invoked from network); 10 Sep 2020 20:39:42 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=QYmngQGxhwrP1IO10+U44hIuDR+Bh29FacWTWPCzifs=; b=WH2gIvD2kocNW47TzoJUq8vy8koxj0ikTiqTurIt6Osqva8P4NIsbGtJVGwywUIjkq xe3qkruoqIuEPaS3xmqhN2h7V3FGdVjN/fZNXtAtjbUs+ii6wOWOxYBwlihrbKA6Dsi2 ZcxxkAAiqBfwAJnSmslWIncB3hpPqqLBsQnucMZPZcNa3susHR1gFRdjKlEQ6Zwl4evT Ngj6/THEyDfAL+bxEhBtLcLnD1Efcq5a03Byz8i2VKTt0P9PSzdVa+iwn8BOcmkqFZjj WKCR+bEgC/b8wFZGdDbKxyU2GcFt1zleojRTJ6mzpqrmZfP30xuKihxrC7oSbqE+O1e4 z6+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=QYmngQGxhwrP1IO10+U44hIuDR+Bh29FacWTWPCzifs=; b=WrJQGInKSdiFAYGqrW1W3NkuA3LAZ38wB67s7R6/Q6GX9O9WSMcFcvaptMVTTZ2Qhc F8AUZxgZOFITvpsnPSR3qiD9zjnX4SoXQcPZiBMQbKC5TQA1gT99oWMOcXCbYV3u2pgV 1a0j3KLFIqX6xsrjsllTaPODu+a2phMQCJWmTomFTXIO470pzAGLXfkvNXc27/FtnxcF nLA/1uZb5rHxFsUvF5VdjCx4c2qSQVauYs38geTJPRTf/Ih7TDcHOQhM9jZbnvNUezxU UoF2Peqqp9nEDFWkDwX7lppb3p8BoOGem382dP+4W+8/+uoaJP0k3hqWSMHHxBoV4gL5 ZD2w== X-Gm-Message-State: AOAM530gfZdbaCZ+sd198dAE9bkAoDBo4CCy7Xo7kXA+mTB73/4pBM5E qzbsM8E4Y86a/xi/9wO7HkunREcFS49m5ipK6SqlAQ== X-Google-Smtp-Source: ABdhPJzQ6i+tHlAxsWiND/QkNM3WvkTC+Ju6Mk1rDHZmgMyEa8UX1fZqVV5xbVt8ItiYrZl+V7nr/bCNAXGD3jgXwtk= X-Received: by 2002:a05:6402:7d2:: with SMTP id u18mr11556708edy.69.1599770370678; Thu, 10 Sep 2020 13:39:30 -0700 (PDT) MIME-Version: 1.0 References: <20200910202107.3799376-1-keescook@chromium.org> In-Reply-To: <20200910202107.3799376-1-keescook@chromium.org> From: Jann Horn Date: Thu, 10 Sep 2020 22:39:04 +0200 Message-ID: Subject: Re: [RESEND][RFC PATCH 0/6] Fork brute force attack mitigation (fbfam) To: Kees Cook , John Wood Cc: Kernel Hardening , Matthew Wilcox , Jonathan Corbet , Alexander Viro , Ingo Molnar , Peter Zijlstra , Juri Lelli , Vincent Guittot , Dietmar Eggemann , Steven Rostedt , Ben Segall , Mel Gorman , Luis Chamberlain , Iurii Zaikin , James Morris , "Serge E. Hallyn" , linux-doc@vger.kernel.org, kernel list , linux-fsdevel , linux-security-module Content-Type: text/plain; charset="UTF-8" On Thu, Sep 10, 2020 at 10:21 PM Kees Cook wrote: > [kees: re-sending this series on behalf of John Wood > also visible at https://github.com/johwood/linux fbfam] [...] > The goal of this patch serie is to detect and mitigate a fork brute force > attack. > > Attacks with the purpose to break ASLR or bypass canaries traditionaly use > some level of brute force with the help of the fork system call. This is > possible since when creating a new process using fork its memory contents > are the same as those of the parent process (the process that called the > fork system call). So, the attacker can test the memory infinite times to > find the correct memory values or the correct memory addresses without > worrying about crashing the application. For the next version of this patchset, you may want to clarify that this is intended to stop brute force attacks *against vulnerable userspace processes* that fork off worker processes. I was halfway through the patch series before I realized that.