Thread: 16 messages, 7 authors, 2011-07-19

Re: [kernel-hardening] Re: [RFC v1] implement SL*B and stack usercopy runtime checks

From: Vasiliy Kulikov <hidden>
Date: 2011-07-03 19:53:15
Also in: linux-mm, lkml

On Sun, Jul 03, 2011 at 12:37 -0700, Joe Perches wrote:
> On Sun, 2011-07-03 at 23:24 +0400, Vasiliy Kulikov wrote:
> > Btw, if the performance will be acceptable, what do you think about
> > logging/reacting on the spotted overflows?
>
> If you do, it might be useful to track the found location(s)

Sure.

> and only emit the overflow log entry once as found.

Hmm, if we consider it as a purely debugging feature, then yes.  But if
we consider it as a try to block some exploitation attempt, then no.
I'd appreciate the latter.

> Maybe use __builtin_return_address(depth) for tracking.

PaX/Grsecurity uses dump_stack() and do_group_exit(SIGKILL);  If set up,
it kills all user's processes and locks the user for some time.  I don't
really propose the latter, but some reaction (to at least slow down a
blind bruteforce) might be useful.


Thanks,

-- 
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments
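
The two ideas raised in this message, tracking the offending location with `__builtin_return_address()` and logging each location only once while still refusing every oversized copy, shown as a user-space C program. This is an added example, not code from the RFC patch or from PaX/Grsecurity; `checked_copy`, `record_site`, `site_a`, `site_b` and the fixed-size table are hypothetical names and assumptions.

```c
#include <stdio.h>
#include <string.h>
#define MAX_SITES 16             /* assumption: small fixed table, no locking */
struct site { void *caller; unsigned long hits; };
static struct site sites[MAX_SITES];
static size_t nsites;
static unsigned long log_lines;  /* number of log entries emitted */

/* Count a violation for this call site. Returns its running hit count
 * (1 = first time seen), or 0 if the table is full. */
static unsigned long record_site(void *caller)
{
    for (size_t i = 0; i < nsites; i++)
        if (sites[i].caller == caller)
            return ++sites[i].hits;
    if (nsites == MAX_SITES)
        return 0;
    sites[nsites++] = (struct site){ caller, 1 };
    return 1;
}

/* Hypothetical checked copy: every oversized request is refused, but a log
 * entry is written only the first time a given caller triggers the check. */
__attribute__((noinline))
int checked_copy(char *dst, size_t dst_size, const char *src, size_t n)
{
    if (n > dst_size) {
        void *caller = __builtin_return_address(0);
        if (record_site(caller) <= 1) {      /* first hit, or untracked */
            fprintf(stderr, "refused %zu-byte copy into %zu-byte object, caller %p\n", n, dst_size, caller);
            log_lines++;
        }
        return -1;
    }
    memcpy(dst, src, n);
    return 0;
}

/* Constructed call sites; volatile keeps the call from becoming a tail call. */
__attribute__((noinline)) int site_a(size_t n)
{ char b[8]; volatile int r = checked_copy(b, sizeof b, "AAAAAAAAAAAAAAAA", n); return r; }
__attribute__((noinline)) int site_b(size_t n)
{ char b[8]; volatile int r = checked_copy(b, sizeof b, "BBBBBBBBBBBBBBBB", n); return r; }

int main(void)
{
    for (int i = 0; i < 3; i++) site_a(16);
    site_b(16);
    return printf("sites=%zu log entries=%lu\n", nsites, log_lines) < 0;
}
```

The per-site hit counter keeps growing after the first log entry, so a reaction keyed to repeated attempts can still be driven from it even when the log itself is deduplicated.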