From: keescook@chromium.org (Kees Cook)
To: linux-arm-kernel@lists.infradead.org
Subject: [kernel-hardening] Re: [PATCH v2 02/11] mm: Hardened usercopy
Date: Fri, 15 Jul 2016 12:14:23 -0700 [thread overview]
Message-ID: <CAGXu5jLiD1xEb=dDuf+_2JVzmkH_6O5-m=p=AVvi7qgQ+SV4UA@mail.gmail.com> (raw)
In-Reply-To: <1468609254.32683.34.camel@gmail.com>
On Fri, Jul 15, 2016 at 12:00 PM, Daniel Micay <danielmicay@gmail.com> wrote:
>> This could be a BUG, but I'd rather not panic the entire kernel.
>
> It seems unlikely that it will panic without panic_on_oops and that's
> an explicit opt-in to taking down the system on kernel logic errors
> exactly like this. In grsecurity, it calls the kernel exploit handling
> logic (panic if root, otherwise kill all process of that user and ban
> them until reboot) but that same logic is also called for BUG via oops
> handling so there's only really a distinction with panic_on_oops=1.
>
> Does it make sense to be less fatal for a fatal assertion that's more
> likely to be security-related? Maybe you're worried about having some
> false positives for the whitelisting portion, but I don't think those
> will lurk around very long with the way this works.
I'd like it to dump stack and be fatal to the process involved, but
yeah, I guess BUG() would work. Creating an infrastructure for
handling security-related Oopses can be done separately from this (and
I'd like to see that added, since it's a nice bit of configurable
reactivity to possible attacks).
-Kees
--
Kees Cook
Chrome OS & Brillo Security
next prev parent reply other threads:[~2016-07-15 19:14 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-13 21:55 [PATCH v2 0/11] mm: Hardened usercopy Kees Cook
2016-07-13 21:55 ` [PATCH v2 01/11] mm: Implement stack frame object validation Kees Cook
2016-07-13 22:01 ` Andy Lutomirski
2016-07-13 22:04 ` Kees Cook
2016-07-14 5:48 ` Josh Poimboeuf
2016-07-14 18:10 ` Kees Cook
2016-07-14 19:23 ` Josh Poimboeuf
2016-07-14 21:38 ` Kees Cook
2016-07-13 21:55 ` [PATCH v2 02/11] mm: Hardened usercopy Kees Cook
2016-07-14 23:20 ` Balbir Singh
2016-07-15 1:04 ` Rik van Riel
2016-07-15 1:41 ` Balbir Singh
2016-07-15 4:05 ` Kees Cook
2016-07-15 4:53 ` Kees Cook
2016-07-15 12:55 ` Balbir Singh
2016-07-15 4:25 ` Kees Cook
2016-07-15 19:00 ` [kernel-hardening] " Daniel Micay
2016-07-15 19:14 ` Kees Cook [this message]
2016-07-15 19:19 ` Daniel Micay
2016-07-15 19:23 ` Kees Cook
2016-07-13 21:55 ` [PATCH v2 03/11] x86/uaccess: Enable hardened usercopy Kees Cook
2016-07-13 21:55 ` [PATCH v2 04/11] ARM: uaccess: " Kees Cook
2016-07-13 21:55 ` [PATCH v2 05/11] arm64/uaccess: " Kees Cook
2016-07-13 21:55 ` [PATCH v2 06/11] ia64/uaccess: " Kees Cook
2016-07-13 21:56 ` [PATCH v2 07/11] powerpc/uaccess: " Kees Cook
2016-07-13 21:56 ` [PATCH v2 08/11] sparc/uaccess: " Kees Cook
2016-07-13 21:56 ` [PATCH v2 09/11] s390/uaccess: " Kees Cook
2016-07-13 21:56 ` [PATCH v2 10/11] mm: SLAB hardened usercopy support Kees Cook
2016-07-13 21:56 ` [PATCH v2 11/11] mm: SLUB " Kees Cook
2016-07-15 2:05 ` Balbir Singh
2016-07-15 4:29 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAGXu5jLiD1xEb=dDuf+_2JVzmkH_6O5-m=p=AVvi7qgQ+SV4UA@mail.gmail.com' \
--to=keescook@chromium.org \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).