Re: [PATCH v2 7/8] Documentation: Add documentation for the Brute LSM

[PATCH v2 0/8] Fork brute force attack mitigation · John Wood <hidden> · 2020-10-25
[PATCH v2 1/8] security: Add LSM hook at the point where a task gets a fatal signal · John Wood <hidden> · 2020-10-25
[PATCH v2 2/8] security/brute: Define a LSM and manage statistical data · John Wood <hidden> · 2020-10-25
[PATCH v2 3/8] security/brute: Add sysctl attributes to allow detection fine tuning · John Wood <hidden> · 2020-10-25
[PATCH v2 4/8] security/brute: Detect a fork brute force attack · John Wood <hidden> · 2020-10-25
[PATCH v2 5/8] security/brute: Mitigate a fork brute force attack · John Wood <hidden> · 2020-10-25
[PATCH v2 6/8] security/brute: Add prctls to enable/disable the fork attack detection · John Wood <hidden> · 2020-10-25
[PATCH v2 7/8] Documentation: Add documentation for the Brute LSM · John Wood <hidden> · 2020-10-25
Re: [PATCH v2 7/8] Documentation: Add documentation for the Brute LSM · Randy Dunlap <hidden> · 2020-11-09
Re: [PATCH v2 7/8] Documentation: Add documentation for the Brute LSM · John Wood <hidden> · 2020-11-09
Re: [PATCH v2 7/8] Documentation: Add documentation for the Brute LSM · Randy Dunlap <hidden> · 2020-11-10
[PATCH v2 8/8] MAINTAINERS: Add a new entry for the Brute LSM · John Wood <hidden> · 2020-10-25
Re: [PATCH v2 0/8] Fork brute force attack mitigation · John Wood <hidden> · 2020-11-06
Re: [PATCH v2 0/8] Fork brute force attack mitigation · Kees Cook <hidden> · 2020-11-11
Re: [PATCH v2 0/8] Fork brute force attack mitigation · John Wood <hidden> · 2020-11-15

From: Randy Dunlap <hidden>
Date: 2020-11-10 00:09:34
Also in: linux-doc, lkml

On 11/9/20 10:23 AM, John Wood wrote:

Hi,
Thanks for the typos corrections. Will be corrected in the next patch
version.

On Sun, Nov 08, 2020 at 08:31:13PM -0800, Randy Dunlap wrote:

quoted

So an app could read crash_period_threshold and just do a new fork every
threshold + 1 time units, right? and not be caught?

Yes, you are right. But we must set a crash_period_threshold that does not
make an attack feasible. For example, with the default value of 30000 ms,
an attacker can break the app only once every 30 seconds. So, to guess
canaries or break ASLR, the attack needs a big amount of time. But it is
possible.

So, I think that to avoid this scenario we can add a maximum number of
faults per fork hierarchy. Then, the mitigation will be triggered if the
application crash period falls under the period threshold or if the number
of faults exceed the maximum commented.

This way, if an attack is of long duration, it will also be detected and
mitigated.

What do you think?

Hi,
That sounds reasonable to me.

thanks.
-- 
~Randy

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help