From mboxrd@z Thu Jan  1 00:00:00 1970
From: Richard Weinberger <richard@nod.at>
Subject: Re: [PATCH] [RFC] Deter exploit bruteforcing
Date: Sat, 03 Jan 2015 00:00:22 +0100
Message-ID: <54A72306.2050908@nod.at>
References: <1419457167-15042-1-git-send-email-richard@nod.at> <CAGXu5jKxzyjzoY_khgZu7TbxMhfG3jiXGObiaiUhx6g5-k9c6Q@mail.gmail.com> <20150102051142.GF4873@amd> <54A67A38.3000207@nod.at> <20150102194616.GA27538@amd> <54A7103E.6020500@nod.at> <20150102222936.GA29018@amd> <alpine.LRH.2.00.1501022331060.30884@twin.jikos.cz> <20150102224646.GB29018@amd> <alpine.LNX.2.00.1501022348070.16297@pobox.suse.cz> <20150102225420.GC29018@amd>
Mime-Version: 1.0
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Cc: Kees Cook <keescook@chromium.org>,
	LKML <linux-kernel@vger.kernel.org>,
	"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
	David Rientjes <rientjes@google.com>,
	Aaron Tomlin <atomlin@redhat.com>,
	DaeSeok Youn <daeseok.youn@gmail.com>,
	Thomas Gleixner <tglx@linutronix.de>, vdavydov@parallels.com,
	Rik van Riel <riel@redhat.com>,
	Oleg Nesterov <oleg@redhat.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Peter Zijlstra <peterz@infradead.org>,
	Ingo Molnar <mingo@redhat.com>,
	Al Viro <viro@zeniv.linux.org.uk>,
	Andy Lutomirski <luto@amacapital.net>,
	Brad Spengler <spender@grsecurity.net>
To: Pavel Machek <pavel@ucw.cz>, Jiri Kosina <jkosina@suse.cz>
Return-path: <linux-kernel-owner@vger.kernel.org>
In-Reply-To: <20150102225420.GC29018@amd>
Sender: linux-kernel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

Am 02.01.2015 um 23:54 schrieb Pavel Machek:
> On Fri 2015-01-02 23:49:52, Jiri Kosina wrote:
>> On Fri, 2 Jan 2015, Pavel Machek wrote:
>>
>>>> You also want to protect against binaries that are evil on purpose,
>>>> right?
>>>
>>> Umm. No. Not by default. We don't want to break crashme or trinity by
>>> default.
>>
>> I thought trinity is issuing syscalls directly (would make more sense than 
>> going through glibc, wouldn't it?) ... haven't checked the source though.
> 
> Patch in this thread wanted to insert delays into kernel on SIGSEGV
> processing. That's bad idea by default.

No. This is not what this patch does.

> But changing glibc to do sleep(30); abort(); instead of abort(); to
> slow down bruteforcing of canaries makes some kind of sense... and
> should be ok by default.

As I saidn only focusing one the specific stack canary case is not enough.

Thanks,
//richard