Date: Fri, 9 Apr 2021 08:06:21 -0700
From: Andi Kleen
To: John Wood
Cc: kernel-hardening@lists.openwall.com, Valdis Klētnieks, Kees Cook, kernelnewbies@kernelnewbies.org
Subject: Re: Notify special task kill using wait* functions
Message-ID: <20210409150621.GJ3762101@tassilo.jf.intel.com>
In-Reply-To: <20210409142933.GA3150@ubuntu>
References: <20210403070226.GA3002@ubuntu> <145687.1617485641@turing-police> <20210404094837.GA3263@ubuntu> <193167.1617570625@turing-police> <20210405073147.GA3053@ubuntu> <115437.1617753336@turing-police> <20210407175151.GA3301@ubuntu> <184666.1617827926@turing-police> <20210408015148.GB3762101@tassilo.jf.intel.com> <20210409142933.GA3150@ubuntu>

> > Any caching of state is inherently insecure because any caches of limited
> > size can be always thrashed by a purposeful attacker. I suppose the
> > only thing that would work is to actually write something to the
> > executable itself on disk, but of course that doesn't always work either.
>
> I'm also working on this. In the next version I will try to find a way to
> prevent brute force attacks through the execve system call with more than
> one level of forking.

Thanks.

Thinking more about it, what I wrote above wasn't quite right. The cache would only need to be as big as the number of attackable services/suid binaries. Presumably on many production systems that's rather small, so a cache (which wouldn't actually be a cache, but a complete database) might actually work.

-Andi

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
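The design point in the message above (a size-limited cache of crash state loses entries under unrelated load, while a complete table keyed by the fixed set of protected binaries does not) can be simulated in a few lines. This is an added illustration, not code from the thread or from any kernel patch; the threshold, the protected paths, the slot count and the event stream are all constructed.

```python
from collections import OrderedDict

THRESHOLD = 5  # crashes before the detector reacts (constructed value)
PROTECTED = ["/usr/bin/sudo", "/usr/bin/passwd", "/usr/sbin/sshd"]  # constructed set


class BoundedLRUCounter:
    """Crash counter with a fixed number of slots; the least recently used key is evicted."""
    def __init__(self, capacity):
        self.capacity = capacity
        self.entries = OrderedDict()
    def record_crash(self, path):
        count = self.entries.pop(path, 0) + 1
        self.entries[path] = count            # re-insert at the most-recent end
        if len(self.entries) > self.capacity:
            self.entries.popitem(last=False)  # drop the least recently used key
        return count
    def crashes(self, path):
        return self.entries.get(path, 0)


class CompleteTable:
    """One counter per protected executable: the key set is fixed, so nothing is ever evicted."""
    def __init__(self, protected):
        self.counts = {path: 0 for path in protected}
    def record_crash(self, path):
        if path not in self.counts:
            return None                       # not a protected binary, not tracked at all
        self.counts[path] += 1
        return self.counts[path]
    def crashes(self, path):
        return self.counts.get(path, 0)


def interleaved_crashes(target, rounds, noise):
    """Constructed event stream: each crash of target is followed by `noise` crashes of distinct unrelated paths."""
    events = []
    for r in range(rounds):
        events.append(target)
        events.extend(f"/tmp/unrelated-{r}-{i}" for i in range(noise))
    return events


def replay(tracker, events, target, threshold=THRESHOLD):
    """Feed crashes in order; return the final count for target and whether the threshold was ever reached."""
    detected = False
    for path in events:
        count = tracker.record_crash(path)
        if path == target and count is not None and count >= threshold:
            detected = True
    return tracker.crashes(target), detected
```

With four slots and four unrelated crashes between each target crash, the LRU counter never sees the target above 1 and ends at 0, while the complete table reaches the threshold; with only three unrelated crashes per round the same LRU counter still detects it, which is exactly the size dependency the message describes.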