Re: [PATCH 1/9] Known exploit detection

From: Vegard Nossum
Date: Fri Dec 13 2013 - 04:23:15 EST


On 12/13/2013 12:50 AM, Ryan Mallon wrote:
> On 13/12/13 08:13, Kees Cook wrote:
>> On Thu, Dec 12, 2013 at 11:06 AM, Theodore Ts'o <tytso@xxxxxxx> wrote:
>>> On Thu, Dec 12, 2013 at 05:52:24PM +0100, vegard.nossum@xxxxxxxxxx wrote:
>>>> The idea is simple -- since different kernel versions are vulnerable to
>>>> different root exploits, hackers most likely try multiple exploits before
>>>> they actually succeed.
>
> The _exploit() notifications could also be used to spam the syslogs.
> Although they are individually ratelimited, if there are enough
> _exploit() markers in the kernel then an annoying person can cycle
> through them all to generate large amounts of useless syslog.

They are rate limited collectively, not individually, so this should not be an issue.


Vegard
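
The difference between the two rate-limiting schemes discussed in this message, as an added example that is not part of the original message or the patch: a userspace model in which a caller cycles through every marker, once with a limiter per marker and once with a single shared limiter. All names, the marker count, and the interval and burst values are assumptions chosen for illustration.

```c
#include <stdio.h>

/* Userspace model of a fixed-window rate limiter. Hypothetical names;
 * the interval and burst are sample values, not taken from the patch. */
struct rl_state {
    long window_start;  /* start of the current window, in seconds */
    int  printed;       /* messages emitted in the current window */
};

#define RL_INTERVAL 5   /* window length in seconds */
#define RL_BURST    10  /* messages allowed per window */
#define N_MARKERS   32  /* constructed number of marker call sites */

/* Return 1 if a message may be logged at time `now`, 0 if suppressed. */
static int rl_allow(struct rl_state *rs, long now)
{
    if (now - rs->window_start >= RL_INTERVAL) {
        rs->window_start = now;   /* new window: reset the budget */
        rs->printed = 0;
    }
    if (rs->printed < RL_BURST) {
        rs->printed++;
        return 1;
    }
    return 0;
}

/* Trigger every marker `rounds` times per second for `seconds` seconds
 * and count the log lines that get through.
 * shared != 0: all markers use one limiter (collective).
 * shared == 0: each marker has its own limiter (individual). */
static long count_logged(int shared, int seconds, int rounds)
{
    struct rl_state states[N_MARKERS] = {0};
    long logged = 0;

    for (long t = 0; t < seconds; t++)
        for (int r = 0; r < rounds; r++)
            for (int m = 0; m < N_MARKERS; m++)
                logged += rl_allow(&states[shared ? 0 : m], t);
    return logged;
}

int main(void)
{
    printf("individual: %ld lines\n", count_logged(0, 60, 100));
    printf("collective: %ld lines\n", count_logged(1, 60, 100));
    return 0;
}
```

With per-marker limiters the log volume grows with the number of markers; with one shared limiter it stays at the burst budget per window however many markers exist.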