Re: [kernel-hardening] Re: [PATCH v2 02/11] mm: Hardened usercopy

From: Kees Cook
Date: Fri Jul 15 2016 - 15:23:20 EST


On Fri, Jul 15, 2016 at 12:19 PM, Daniel Micay <danielmicay@xxxxxxxxx> wrote:
>> I'd like it to dump stack and be fatal to the process involved, but
>> yeah, I guess BUG() would work. Creating an infrastructure for
>> handling security-related Oopses can be done separately from this
>> (and
>> I'd like to see that added, since it's a nice bit of configurable
>> reactivity to possible attacks).
>
> In grsecurity, the oops handling also uses do_group_exit instead of
> do_exit but both that change (or at least the option to do it) and the
> exploit handling could be done separately from this without actually
> needing special treatment for USERCOPY. Could expose is as something
> like panic_on_oops=2 as a balance between the existing options.

I'm also uncomfortable about BUG() being removed by unsetting
CONFIG_BUG, but that seems unlikely. :)

-Kees

--
Kees Cook
Chrome OS & Brillo Security