Re: [PATCH] fs/open: Fix most outstanding security bugs

From: Matthew Wilcox
Date: Mon Apr 01 2019 - 07:22:22 EST

Next message: Neil Armstrong: "Re: [PATCH v4] dt-bindings: gpu: add bindings for the ARM Mali Bifrost GPU"
Previous message: Peter Zijlstra: "Re: [RFC PATCH] i2c: remove use of in_atomic()"
In reply to: Johannes Thumshirn: "[PATCH] fs/open: Fix most outstanding security bugs"
Next in thread: Johannes Thumshirn: "Re: [PATCH] fs/open: Fix most outstanding security bugs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Apr 01, 2019 at 11:01:13AM +0200, Johannes Thumshirn wrote:
> Over the last 20 years, the Linux kernel has accumulated hundreds if not
> thousands of security vulnerabilities.
>
> One common pattern in most of these security related reports is processes
> called "syzkaller", "trinity" or "syz-executor" opening files and then
> abuse kernel interfaces causing kernel crashes or even worse threats using
> memory overwrites or by exploiting race conditions.
>
> Hunting down these bugs has become time consuming and very expensive, so
> I've decided to put an end to it.
>
> If one of the above mentioned processes tries opening a file, return -EPERM
> indicating this process does not have the permission to open files on Linux
> anymore.
>
> Signed-off-by: Johannes Thumshirn <jthumshirn@xxxxxxx>

I think you should have credited Cisco for the idea.

https://twitter.com/RedTeamPT/status/1110843396657238016

Next message: Neil Armstrong: "Re: [PATCH v4] dt-bindings: gpu: add bindings for the ARM Mali Bifrost GPU"
Previous message: Peter Zijlstra: "Re: [RFC PATCH] i2c: remove use of in_atomic()"
In reply to: Johannes Thumshirn: "[PATCH] fs/open: Fix most outstanding security bugs"
Next in thread: Johannes Thumshirn: "Re: [PATCH] fs/open: Fix most outstanding security bugs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]