archive mirror
 help / color / mirror / Atom feed
From: John Wood <>
To: Alexander Lobakin <>
Cc: John Wood <>, Kees Cook <>,
	Jann Horn <>, Jonathan Corbet <>,
	James Morris <>,
	"Serge E. Hallyn" <>,
	Shuah Khan <>,
	Thomas Gleixner <>,
	Ingo Molnar <>, Borislav Petkov <>,, "H. Peter Anvin" <>,
	Arnd Bergmann <>, Andi Kleen <>,,
	Greg Kroah-Hartman <>,
	Randy Dunlap <>,
	Andrew Morton <>,,,,,,,
Subject: Re: [PATCH v8 3/8] security/brute: Detect a brute force attack
Date: Sat, 3 Jul 2021 12:59:28 +0200	[thread overview]
Message-ID: <20210703105928.GA2830@ubuntu> (raw)
In-Reply-To: <>


On Fri, Jul 02, 2021 at 05:08:09PM +0000, Alexander Lobakin wrote:
> On the other hand, it leaves a potentional window for attackers to
> perform brute force from xattr-incapable filesystems. So at the end
> of the day I think that the current implementation (a strong
> rejection of such filesystems) is way more secure than having
> a fallback I proposed.

I've been thinking more about this: that the Brute LSM depends on xattr
support and I don't like this part. I want that brute force attacks can
be detected and mitigated on every system (with minimal dependencies).
So, now I am working in a solution without this drawback. I have some
ideas but I need to work on it.

> I'm planning to make a patch which will eliminate such weird rootfs
> type selection and just always use more feature-rich tmpfs if it's
> compiled in. So, as an alternative, you could add it to your series
> as a preparatory change and just add a Kconfig dependency on
> without messing with any fallbacks at all.
> What do you think?

Great. But I hope this patch will not be necessary for Brute LSM :)

John Wood

  reply	other threads:[~2021-07-03 11:00 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-07-01 23:55 [PATCH v8 3/8] security/brute: Detect a brute force attack Alexander Lobakin
2021-07-02 14:59 ` John Wood
2021-07-02 17:08   ` Alexander Lobakin
2021-07-03 10:59     ` John Wood [this message]
2021-07-04 14:01       ` John Wood
2021-07-05 12:52         ` Alexander Lobakin
  -- strict thread matches above, loose matches on Subject: below --
2021-06-05 15:03 [PATCH v8 0/8] Fork brute force attack mitigation John Wood
2021-06-05 15:04 ` [PATCH v8 3/8] security/brute: Detect a brute force attack John Wood

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210703105928.GA2830@ubuntu \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).