Re: [BUG] perf: bogus correlation of kernel symbols
From: Ingo Molnar
Date: Fri May 20 2011 - 14:43:20 EST
* Dan Rosenberg <drosenberg@xxxxxxxxxxxxx> wrote:
> At least one distro (Red Hat) ships with panic_on_oops enabled by default, so
> attackers don't get more than one chance. Likewise, vulnerabilities in
> interrupt context will only have one chance, as will any issue where failed
> exploitation prevents subsequent attempts, as is frequently the case due to
> failures to clean up locking primitives on an OOPS.
So it's basically a last line of defense: the attacker has to assume the risk
of the attack being detected.
That has a chilling effect on some types of attacks: especially those where the
attacker goes against a high value target with a zero day kernel exploit.
Risking a crash does not just mean possibly alerting the target, but also means
possibly losing the zero-day exploit - if that oops log gets to a kernel
developer who starts wondering about the weird backtrace.
Thanks,
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/