From: John Wood <john.wood@gmx.com>
To: "Valdis Klētnieks" <valdis.kletnieks@vt.edu>
Cc: John Wood <john.wood@gmx.com>, kernelnewbies@kernelnewbies.org
Subject: Re: Notify special task kill using wait* functions
Date: Fri, 2 Apr 2021 14:49:32 +0200
Message-ID: <20210402124932.GA3012@ubuntu>
In-Reply-To: <79804.1617129638@turing-police>
Hi,
On Tue, Mar 30, 2021 at 02:40:38PM -0400, Valdis Klētnieks wrote:
> On Tue, 30 Mar 2021 19:34:59 +0200, John Wood said:
>
> > The question is: How can I notify to wait* functions that the task has
> > been killed by the "Brute" LSM.
>
> What wait* functions even *care* that your LSM was what killed it?
>
> If you're caring about somehow notifying userspace that it was your LSM
> specifically, remember that if your code works properly, only attackers
> get notified - and they can then determine "Ah, this system has Brute installed,
> we need to back off and fly under its radar".
>
> You're much better off sending a SIGKILL to the entire process group
> and be done with it. That way the bad guys get less information.
Thanks for the suggestion, but I will expose more info to try to clarify
why notifying userspace can be useful. In a discussion with Andi Kleen
in the v5 review [1] he explained to me some cons of the current mitigation
method. Without entering into more detail, the mitigation kills all the tasks
involved in the attack, but a supervisor can respawn the killed processes and
the attack can be started again. So, he suggested that by notifying userspace
(via wait*() functions) that a child task has been killed by the "Brute" LSM,
the supervisor can adopt the correct policy and avoid respawning the killed
processes.
[1] https://lore.kernel.org/kernel-hardening/20210227153013.6747-8-john.wood@gmx.com/
Thanks,
John Wood
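The supervisor side of the problem discussed above, as an added example that is not code from John Wood or from the Brute LSM patch set: a small C supervisor reaps a child with waitid(2) and inspects the siginfo_t it fills in. With mainline kernels, all a parent can learn from wait* is whether the child exited or was killed (si_code CLD_EXITED vs. CLD_KILLED/CLD_DUMPED) and, for a kill, which signal did it (si_status). The example treats a SIGKILL as the mitigation's kill and refuses to respawn, which is exactly the ambiguity raised in the thread: the supervisor cannot tell a SIGKILL sent by the LSM from one sent by an administrator, because no wait* status currently says "killed by Brute". The policy enum, function names and the self-killing child are constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Supervisor decision for a child that has just been reaped (constructed). */
enum respawn_policy { RESPAWN = 0, DO_NOT_RESPAWN = 1 };

/*
 * Classify a reaped child from the siginfo_t that waitid(2) filled in.
 *   CLD_EXITED            : normal exit, si_status holds the exit code.
 *   CLD_KILLED/CLD_DUMPED : killed by a signal, si_status holds the signal.
 * A supervisor that blindly respawns after a SIGKILL re-arms the brute-force
 * attempt the mitigation just stopped, so a SIGKILL means "back off" here.
 * Note the limitation: the parent only sees the signal number, not who sent
 * it, so any SIGKILL (LSM or administrator) produces the same decision.
 */
enum respawn_policy classify_child(const siginfo_t *info)
{
    switch (info->si_code) {
    case CLD_EXITED:
        return RESPAWN;              /* orderly exit: safe to restart */
    case CLD_KILLED:
    case CLD_DUMPED:
        if (info->si_status == SIGKILL)
            return DO_NOT_RESPAWN;   /* assumed to be the mitigation's kill */
        return RESPAWN;              /* e.g. SIGTERM from a service manager */
    default:
        return RESPAWN;              /* CLD_STOPPED etc. are not reaped here */
    }
}

/*
 * Fork a child that terminates the way the argument says (constructed
 * scenario: term_signal == 0 means a normal exit with code 0, otherwise the
 * child raises that signal on itself), reap it with waitid(), and return the
 * supervisor's decision. Returns -1 if fork() or waitid() fails.
 */
int run_child_and_decide(int term_signal)
{
    siginfo_t info;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (term_signal)
            raise(term_signal);      /* SIGKILL cannot be caught; child dies */
        _exit(0);
    }

    memset(&info, 0, sizeof(info));
    if (waitid(P_PID, pid, &info, WEXITED) < 0)
        return -1;
    return classify_child(&info);
}

int main(void)
{
    /* Constructed scenarios: a clean exit, a SIGTERM, and a SIGKILL. */
    printf("clean exit -> %s\n",
           run_child_and_decide(0) == RESPAWN ? "respawn" : "do not respawn");
    printf("SIGTERM    -> %s\n",
           run_child_and_decide(SIGTERM) == RESPAWN ? "respawn" : "do not respawn");
    printf("SIGKILL    -> %s\n",
           run_child_and_decide(SIGKILL) == RESPAWN ? "respawn" : "do not respawn");
    return 0;
}
```

The same information is available through waitpid(2) with WIFSIGNALED()/WTERMSIG(), but waitid() with siginfo_t is the natural place for a kernel to expose a richer reason, which is why the thread talks about the wait* family. Until such a status exists, a supervisor's only defensive options are the coarse ones shown here: treat a kill signal as a reason to stop or rate-limit respawning rather than restart immediately.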
_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies