Re: [PATCH] [RFC] Deter exploit bruteforcing

From: Richard Weinberger
Date: Fri Jan 02 2015 - 18:00:34 EST


Am 02.01.2015 um 23:54 schrieb Pavel Machek:
> On Fri 2015-01-02 23:49:52, Jiri Kosina wrote:
>> On Fri, 2 Jan 2015, Pavel Machek wrote:
>>
>>>> You also want to protect against binaries that are evil on purpose,
>>>> right?
>>>
>>> Umm. No. Not by default. We don't want to break crashme or trinity by
>>> default.
>>
>> I thought trinity is issuing syscalls directly (would make more sense than
>> going through glibc, wouldn't it?) ... haven't checked the source though.
>
> Patch in this thread wanted to insert delays into kernel on SIGSEGV
> processing. That's bad idea by default.

No. This is not what this patch does.

> But changing glibc to do sleep(30); abort(); instead of abort(); to
> slow down bruteforcing of canaries makes some kind of sense... and
> should be ok by default.

As I saidn only focusing one the specific stack canary case is not enough.

Thanks,
//richard
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/