Re: Notify special task kill using wait* functions

From: John Wood <john.wood@gmx.com>
To: "Valdis Klētnieks" <valdis.kletnieks@vt.edu>,
	"Andi Kleen" <ak@linux.intel.com>
Cc: John Wood <john.wood@gmx.com>,
	kernelnewbies@kernelnewbies.org,
	Kees Cook <keescook@chromium.org>,
	kernel-hardening@lists.openwall.com
Subject: Re: Notify special task kill using wait* functions
Date: Fri, 9 Apr 2021 16:29:33 +0200	[thread overview]
Message-ID: <20210409142933.GA3150@ubuntu> (raw)
In-Reply-To: <20210408015148.GB3762101@tassilo.jf.intel.com>

Hi Valdis and Andi. Thanks for your comments.

On Wed, Apr 07, 2021 at 06:51:48PM -0700, Andi Kleen wrote:
> > I didn't even finish the line that starts "From now on.." before I started
> > wondering "How can I abuse this to hang or crash a system?"  And it only took
> > me a few seconds to come up with an attack. All you need to do is find a way to
> > sigsegv /bin/bash... and that's easy to do by forking, excecve /bin/bash, and
> > then use ptrace() to screw the child process's stack and cause a sigsegv.
> >
> > Say goodnight Gracie...
>
> Yes there is certainly DoS potential, but that's kind of inevitable
> for the proposal. It's a trade between allowing attacks and allowing DoS,
> with the idea that a DoS is more benign.
>
> I'm more worried that it doesn't actually prevent the attacks
> unless we make sure systemd and other supervisor daemons understand it,
> so that they don't restart.

I'm working on it. I will send a formal proposal in the next version.

> Any caching of state is inherently insecure because any caches of limited
> size can be always thrashed by a purposeful attacker. I suppose the
> only thing that would work is to actually write something to the
> executable itself on disk, but of course that doesn't always work either.

I'm also working on this. In the next version I will try to find a way to
prevent brute force attacks through the execve system call with more than
one level of forking.

> -Andi

Again, thank you very much.
John Wood