Re: [PATCH] [RFC] Deter exploit bruteforcing

From: Pavel Machek
Date: Fri Jan 02 2015 - 17:54:27 EST

Next message: Richard Weinberger: "Re: [PATCH] [RFC] Deter exploit bruteforcing"
Previous message: Jiri Kosina: "Re: [PATCH] [RFC] Deter exploit bruteforcing"
In reply to: Jiri Kosina: "Re: [PATCH] [RFC] Deter exploit bruteforcing"
Next in thread: Richard Weinberger: "Re: [PATCH] [RFC] Deter exploit bruteforcing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri 2015-01-02 23:49:52, Jiri Kosina wrote:
> On Fri, 2 Jan 2015, Pavel Machek wrote:
>
> > > You also want to protect against binaries that are evil on purpose,
> > > right?
> >
> > Umm. No. Not by default. We don't want to break crashme or trinity by
> > default.
>
> I thought trinity is issuing syscalls directly (would make more sense than
> going through glibc, wouldn't it?) ... haven't checked the source though.

Patch in this thread wanted to insert delays into kernel on SIGSEGV
processing. That's bad idea by default.

But changing glibc to do sleep(30); abort(); instead of abort(); to
slow down bruteforcing of canaries makes some kind of sense... and
should be ok by default.
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Richard Weinberger: "Re: [PATCH] [RFC] Deter exploit bruteforcing"
Previous message: Jiri Kosina: "Re: [PATCH] [RFC] Deter exploit bruteforcing"
In reply to: Jiri Kosina: "Re: [PATCH] [RFC] Deter exploit bruteforcing"
Next in thread: Richard Weinberger: "Re: [PATCH] [RFC] Deter exploit bruteforcing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]