From mboxrd@z Thu Jan 1 00:00:00 1970 From: Pavel Machek Subject: Re: [PATCH] [RFC] Deter exploit bruteforcing Date: Fri, 2 Jan 2015 23:29:36 +0100 Message-ID: <20150102222936.GA29018@amd> References: <1419457167-15042-1-git-send-email-richard@nod.at> <20150102051142.GF4873@amd> <54A67A38.3000207@nod.at> <20150102194616.GA27538@amd> <54A7103E.6020500@nod.at> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: Kees Cook , LKML , "linux-fsdevel@vger.kernel.org" , David Rientjes , Aaron Tomlin , DaeSeok Youn , Thomas Gleixner , vdavydov@parallels.com, Rik van Riel , Oleg Nesterov , Andrew Morton , Peter Zijlstra , Ingo Molnar , Al Viro , Andy Lutomirski , Brad Spengler To: Richard Weinberger Return-path: Content-Disposition: inline In-Reply-To: <54A7103E.6020500@nod.at> Sender: linux-kernel-owner@vger.kernel.org List-Id: linux-fsdevel.vger.kernel.org On Fri 2015-01-02 22:40:14, Richard Weinberger wrote: > Am 02.01.2015 um 20:46 schrieb Pavel Machek: > >>> Does this break trinity, crashme, and similar programs? > >> > >> If they fork() without execve() and a child dies very fast the next fork() > >> will be throttled. > >> This is why I'd like to make this feature disabled by default. > >> > >>> Can you detect it died due to the stack canary? Then, the patch might > >>> be actually acceptable. > >> > >> I don't think so as this is glibc specific. > > > > Can the slowdown be impelmented in glibc, then? > > glibc has a lot of asserts where it can detect stack smashing and kills the > current process using abort(). Here it could of course also call > sleep(). Please do it in glibc, then. > > If not, can glibc provide enough information to the kernel to allow us > > to do the right thing? > > IMHO we should not strictly focus on the stack canary. IMO we should. We want it enabled by default. Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html