linux-fsdevel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Richard Weinberger <richard@nod.at>
To: Andy Lutomirski <luto@amacapital.net>, Pavel Machek <pavel@ucw.cz>
Cc: Jiri Kosina <jkosina@suse.cz>, Kees Cook <keescook@chromium.org>,
	LKML <linux-kernel@vger.kernel.org>,
	"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
	David Rientjes <rientjes@google.com>,
	Aaron Tomlin <atomlin@redhat.com>,
	DaeSeok Youn <daeseok.youn@gmail.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	vdavydov@parallels.com, Rik van Riel <riel@redhat.com>,
	Oleg Nesterov <oleg@redhat.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Peter Zijlstra <peterz@infradead.org>,
	Ingo Molnar <mingo@redhat.com>, Al Viro <viro@zeniv.linux.org.uk>,
	Brad Spengler <spender@grsecurity.net>
Subject: Re: [PATCH] [RFC] Deter exploit bruteforcing
Date: Sun, 04 Jan 2015 00:19:55 +0100	[thread overview]
Message-ID: <54A8791B.6020001@nod.at> (raw)
In-Reply-To: <CALCETrWBHJ52YjowqJ7S90bXvkw_B1VxbkSDKpyjwC1WYvGE3w@mail.gmail.com>

Am 04.01.2015 um 00:06 schrieb Andy Lutomirski:
> As an attempt to help end this particular line of debate: putting the
> sleep in glibc won't work.  The point isn't to make the crashed
> process crash more slowly; it's to limit the rate at which *new*
> siblings can be forked and crashed as a canary or ASLR brute-force
> probe.  IOW, adding a sleep call to glibc slows down the wrong thing.
> Also, trying to get libc to take action on a plain old segfault is a
> giant mess, because it involves mucking with signal handling, which
> glibc really has no business doing by default.

Thanks for pointing this out!

> Also, this patch is missing a bit, I think.  We really want to control
> the total rate of crashes.  This patch imposes a delay per crash, but
> AFAICS it would still be possible for an attacker to coerce a forking
> server to fork, say, 10k children, then probe all of them, then wait
> 30 seconds and repeat.

Sounds reasonable. This is exactly why I've extracted that feature from
grsecurity and posted it here on LKML.
Now we have the chance to make the feature better and can identify weak points.

Thanks,
//richard

  reply	other threads:[~2015-01-03 23:19 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-12-24 21:39 [PATCH] [RFC] Deter exploit bruteforcing Richard Weinberger
2014-12-30 18:40 ` Kees Cook
2014-12-30 18:49   ` Andy Lutomirski
2014-12-30 18:50   ` Richard Weinberger
2015-01-02  5:11   ` Pavel Machek
2015-01-02 11:00     ` Richard Weinberger
2015-01-02 19:46       ` Pavel Machek
2015-01-02 21:40         ` Richard Weinberger
2015-01-02 22:29           ` Pavel Machek
2015-01-02 22:32             ` Jiri Kosina
2015-01-02 22:46               ` Pavel Machek
2015-01-02 22:49                 ` Jiri Kosina
2015-01-02 22:53                   ` Jiri Kosina
2015-01-02 22:54                   ` Pavel Machek
2015-01-02 23:00                     ` Richard Weinberger
2015-01-02 23:08                       ` Pavel Machek
2015-01-03  9:45                         ` Richard Weinberger
2015-01-03 22:36                           ` Pavel Machek
2015-01-03 22:44                             ` Richard Weinberger
2015-01-03 23:01                               ` Pavel Machek
2015-01-03 23:07                                 ` Richard Weinberger
2015-01-03 23:06                             ` Andy Lutomirski
2015-01-03 23:19                               ` Richard Weinberger [this message]
2015-01-05 22:56                                 ` Kees Cook

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=54A8791B.6020001@nod.at \
    --to=richard@nod.at \
    --cc=akpm@linux-foundation.org \
    --cc=atomlin@redhat.com \
    --cc=daeseok.youn@gmail.com \
    --cc=jkosina@suse.cz \
    --cc=keescook@chromium.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@amacapital.net \
    --cc=mingo@redhat.com \
    --cc=oleg@redhat.com \
    --cc=pavel@ucw.cz \
    --cc=peterz@infradead.org \
    --cc=riel@redhat.com \
    --cc=rientjes@google.com \
    --cc=spender@grsecurity.net \
    --cc=tglx@linutronix.de \
    --cc=vdavydov@parallels.com \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).