--- v3
+++ v6
@@ -35,22 +35,7 @@
The implementation details and comparison against other existing
implementations can be found in the "Documentation" patch.
-This v3 version has changed a lot from the v2. Basically the application
-crash period is now compute on an on-going basis using an exponential
-moving average (EMA), a detection of a brute force attack through the
-"execve" system call has been added and the crossing of the commented
-privilege bounds are taken into account. Also, the fine tune has also been
-removed and now, all this kind of attacks are detected without
-administrator intervention.
-
-In the v2 version Kees Cook suggested to study if the statistical data
-shared by all the fork hierarchy processes can be tracked in some other
-way. Specifically the question was if this info can be hold by the family
-hierarchy of the mm struct. After studying this hierarchy I think it is not
-suitable for the Brute LSM since they are totally copied on fork() and in
-this case we want that they are shared. So I leave this road.
-
-So, knowing all this information I will explain now the different patches:
+Knowing all this information I will explain now the different patches:
The 1/8 patch defines a new LSM hook to get the fatal signal of a task.
This will be useful during the attack detection phase.
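Review bot: the removed paragraph answering Kees Cook's question about holding the statistics in the mm struct hierarchy is design rationale, not version news, and dropping it loses the stated reason (those structures are copied on fork() while the statistics need to be shared). Keep that explanation in the cover letter or move it into the "Documentation" patch so the same question is not raised again in review. The removed summary of the EMA-based crash period and the execve detection should likewise survive somewhere, for instance in the v2 -> v3 changelog.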
@@ -72,15 +57,27 @@
The 8/8 patch updates the maintainers file.
This patch serie is a task of the KSPP [1] and can also be accessed from my
-github tree [2] in the "brute_v3" branch.
+github tree [2] in the "brute_v6" branch.
[1] https://github.com/KSPP/linux/issues/39
[2] https://github.com/johwood/linux/
The previous versions can be found in:
+RFC
https://lore.kernel.org/kernel-hardening/20200910202107.3799376-1-keescook@chromium.org/
+
+Version 2
https://lore.kernel.org/kernel-hardening/20201025134540.3770-1-john.wood@gmx.com/
+
+Version 3
+https://lore.kernel.org/lkml/20210221154919.68050-1-john.wood@gmx.com/
+
+Version 4
+https://lore.kernel.org/lkml/20210227150956.6022-1-john.wood@gmx.com/
+
+Version 5
+https://lore.kernel.org/kernel-hardening/20210227153013.6747-1-john.wood@gmx.com/
Changelog RFC -> v2
-------------------
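Review bot: the unchanged line "This patch serie is a task of the KSPP" sits directly above the edited branch name and still carries the typo; change it to "series" while this paragraph is being touched. In the new list of previous versions, the links alternate between the kernel-hardening and lkml archives on lore; pointing every version at the same list would make the thread history easier to follow.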
@@ -109,6 +106,23 @@
- Fix some typos in the documentation (Randy Dunlap).
- Add self-test to validate the expectations (Kees Cook).
+Changelog v3 -> v4
+------------------
+- Fix all the warnings shown by the tool "scripts/kernel-doc" (Randy
+ Dunlap).
+
+Changelog v4 -> v5
+------------------
+- Fix some typos (Randy Dunlap).
+
+Changelog v5 -> v6
+------------------
+- Fix a reported deadlock (kernel test robot).
+- Add high level details to the documentation (Andi Kleen).
+
+Any constructive comments are welcome.
+Thanks.
+
John Wood (8):
security: Add LSM hook at the point where a task gets a fatal signal
security/brute: Define a LSM and manage statistical data
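Review bot: the v5 -> v6 entry "Fix a reported deadlock (kernel test robot)" does not say which lock or which code path was involved. Since this series adds an LSM hook at the point where a task gets a fatal signal, reviewers need that detail to recheck the locking; name the lock and the calling context in the changelog and link the robot's report.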
@@ -119,7 +133,7 @@
Documentation: Add documentation for the Brute LSM
MAINTAINERS: Add a new entry for the Brute LSM
- Documentation/admin-guide/LSM/Brute.rst | 224 +++++
+ Documentation/admin-guide/LSM/Brute.rst | 278 ++++++
Documentation/admin-guide/LSM/index.rst | 1 +
MAINTAINERS | 7 +
include/linux/lsm_hook_defs.h | 1 +
@@ -130,7 +144,7 @@
security/Makefile | 4 +
security/brute/Kconfig | 13 +
security/brute/Makefile | 2 +
- security/brute/brute.c | 1102 ++++++++++++++++++++++
+ security/brute/brute.c | 1107 ++++++++++++++++++++++
security/security.c | 5 +
tools/testing/selftests/Makefile | 1 +
tools/testing/selftests/brute/.gitignore | 2 +
@@ -139,7 +153,7 @@
tools/testing/selftests/brute/exec.c | 44 +
tools/testing/selftests/brute/test.c | 507 ++++++++++
tools/testing/selftests/brute/test.sh | 226 +++++
- 20 files changed, 2160 insertions(+), 5 deletions(-)
+ 20 files changed, 2219 insertions(+), 5 deletions(-)
create mode 100644 Documentation/admin-guide/LSM/Brute.rst
create mode 100644 security/brute/Kconfig
create mode 100644 security/brute/Makefile
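Review bot: the selftest entries in this diffstat (exec.c, test.c, test.sh) are context lines with the same sizes as in v3, so the deadlock fixed in v6 appears to have no accompanying test. If the deadlock can be reached from userspace, add a selftest case that exercises it; otherwise state in the changelog why it cannot be covered.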