Re: [PATCH v6 7/8] Documentation: Add documentation for the Brute LSM
From: Jonathan Corbet <corbet@lwn.net>
Date: 2021-03-21 18:51:35
Also in:
linux-doc, linux-kselftest, lkml
John Wood [off-list ref] writes:
Add some info detailing what the Brute LSM is, its motivation, weak points of existing implementations, proposed solutions, enabling, disabling and self-tests.

Signed-off-by: John Wood <redacted>
---
Documentation/admin-guide/LSM/Brute.rst | 278 ++++++++++++++++++++++++
Documentation/admin-guide/LSM/index.rst | 1 +
security/brute/Kconfig | 3 +-
3 files changed, 281 insertions(+), 1 deletion(-)
create mode 100644 Documentation/admin-guide/LSM/Brute.rst
Thanks for including documentation with the patch! As you get closer to merging this, though, you'll want to take a minute (OK, a few minutes) to build the docs and look at the result; there are a number of places where you're not going to get what you expect. Just as an example: [...]
+Based on the above scenario it would be nice to have this detected and +mitigated, and this is the goal of this implementation. Specifically the +following attacks are expected to be detected: + +1.- Launching (fork()/exec()) a setuid/setgid process repeatedly until a + desirable memory layout is got (e.g. Stack Clash). +2.- Connecting to an exec()ing network daemon (e.g. xinetd) repeatedly until a + desirable memory layout is got (e.g. what CTFs do for simple network + service). +3.- Launching processes without exec() (e.g. Android Zygote) and exposing state + to attack a sibling. +4.- Connecting to a fork()ing network daemon (e.g. apache) repeatedly until the + previously shared memory layout of all the other children is exposed (e.g. + kind of related to HeartBleed).
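Review bot: besides the "1.-" enumerators, which reStructuredText will not recognise as a list, the phrase "until a desirable memory layout is got" in items 1 and 2 reads awkwardly; "is obtained" or "is reached" would be clearer. Once the markers are plain "1.", "2.", etc., each item's continuation lines must be indented to align with the text after the marker, otherwise Sphinx ends the list early and warns about an unexpected unindent.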
Sphinx will try to recognize your enumerated list, but that may be a bit more punctuation than it is prepared to deal with; I'd take the hyphens out, if nothing else. [...]
+These statistics are hold by the brute_stats struct.
+
+struct brute_cred {
+ kuid_t uid;
+ kgid_t gid;
+ kuid_t suid;
+ kgid_t sgid;
+ kuid_t euid;
+ kgid_t egid;
+ kuid_t fsuid;
+ kgid_t fsgid;
+};
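Review bot: the sentence introducing this block names the brute_stats struct, but the definition that follows is struct brute_cred; either the sentence or the block should be changed so they agree. Also "are hold by" should read "are held by".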
That will certainly not render the way you want. What you need here is
a literal block:
These statistics are hold by the brute_stats struct::

    struct brute_cred {
        kuid_t uid;
        kgid_t gid;
        kuid_t suid;
        kgid_t sgid;
        kuid_t euid;
        kgid_t egid;
        kuid_t fsuid;
        kgid_t fsgid;
    };
The "::" causes all of the indented text following to be formatted
literally.
Thanks,
jon
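As an added example (not part of Jon Corbet's reply or of the Brute LSM patch), a small stdlib-only lint for the two reStructuredText mistakes discussed above, handy for catching them before the slower step of building the docs with Sphinx; the sample texts are constructed from the quoted hunks.

```python
"""Stdlib-only lint for two common .rst mistakes: 'N.-' enumerators and
indented blocks that are not introduced by '::'."""
import re

# Sphinx accepts "1." or "1)" as an enumerator; "1.-" is just a paragraph.
BAD_ENUM = re.compile(r"^\s*\d+\.-\s")
# A list item may legitimately be followed by indented continuation lines.
LIST_ITEM = re.compile(r"^\s*(\d+[.)]|[-*+])\s")


def lint_rst(text):
    """Return [(line_number, message), ...] for the patterns checked."""
    problems = []
    prev = ""  # previous non-blank line
    for num, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        if BAD_ENUM.match(line):
            problems.append((num, "enumerator 'N.-' is not recognised; use 'N.'"))
        indented = line[0] in " \t"
        # First line of an indented block under an unindented paragraph:
        # without a trailing '::' it renders as a definition list or block
        # quote, not as the literal block the author wanted.
        if (indented and prev and prev[0] not in " \t"
                and not prev.rstrip().endswith("::") and not LIST_ITEM.match(prev)):
            problems.append((num, "indented block not introduced by '::'"))
        prev = line
    return problems


# Constructed samples: the hunks as posted (minus the '+'), then corrected.
AS_POSTED = """\
1.- Launching (fork()/exec()) a setuid/setgid process (e.g. Stack Clash).

These statistics are hold by the brute_stats struct.

struct brute_cred {
    kuid_t uid;
    kgid_t gid;
};
"""

CORRECTED = """\
1. Launching (fork()/exec()) a setuid/setgid process repeatedly until a
   desirable memory layout is got (e.g. Stack Clash).

These statistics are hold by the brute_stats struct::

    struct brute_cred {
        kuid_t uid;
        kgid_t gid;
    };
"""

if __name__ == "__main__":
    for num, msg in lint_rst(AS_POSTED):
        print(f"line {num}: {msg}")
```

Run against a real file with `lint_rst(open(path).read())`; an empty result means neither pattern was found, not that the file builds cleanly.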