From: Daniel Micay <danielmicay@gmail.com>
To: kernel-hardening@lists.openwall.com
Cc: Balbir Singh <bsingharora@gmail.com>,
LKML <linux-kernel@vger.kernel.org>,
Rik van Riel <riel@redhat.com>,
Casey Schaufler <casey@schaufler-ca.com>,
PaX Team <pageexec@freemail.hu>,
Brad Spengler <spender@grsecurity.net>,
Russell King <linux@armlinux.org.uk>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Michael Ellerman <mpe@ellerman.id.au>,
Tony Luck <tony.luck@intel.com>,
Fenghua Yu <fenghua.yu@intel.com>,
"David S. Miller" <davem@davemloft.net>,
"x86@kernel.org" <x86@kernel.org>,
Christoph Lameter <cl@linux.com>,
Pekka Enberg <penberg@kernel.org>,
David Rientjes <rientjes@google.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Andrew Morton <akpm@linux-foundation.org>,
Andy Lutomirski <luto@kernel.org>, Borislav Petkov <bp@suse.de>,
Mathias Krause <minipli@googlemail.com>, Jan Kara <jack@suse.cz>,
Vitaly Wool <vitalywool@gmail.com>,
Andrea Arcangeli <aarcange@redhat.com>,
Dmitry Vyukov <dvyukov@google.com>,
Laura Abbott <labbott@fedoraproject.org>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
linux-ia64@vger.kernel.org,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
sparclinux <sparclinux@vger.kernel.org>,
linux-arch <linux-arch@vger.kernel.org>,
Linux-MM <linux-mm@kvack.org>
Subject: Re: [kernel-hardening] Re: [PATCH v2 02/11] mm: Hardened usercopy
Date: Fri, 15 Jul 2016 15:19:23 -0400 [thread overview]
Message-ID: <1468610363.32683.42.camel@gmail.com> (raw)
In-Reply-To: <CAGXu5jLiD1xEb=dDuf+_2JVzmkH_6O5-m=p=AVvi7qgQ+SV4UA@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 665 bytes --]
> I'd like it to dump stack and be fatal to the process involved, but
> yeah, I guess BUG() would work. Creating an infrastructure for
> handling security-related Oopses can be done separately from this
> (and
> I'd like to see that added, since it's a nice bit of configurable
> reactivity to possible attacks).
In grsecurity, the oops handling also uses do_group_exit instead of
do_exit but both that change (or at least the option to do it) and the
exploit handling could be done separately from this without actually
needing special treatment for USERCOPY. Could expose is as something
like panic_on_oops=2 as a balance between the existing options.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 851 bytes --]
next prev parent reply other threads:[~2016-07-15 19:19 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-13 21:55 [PATCH v2 0/11] mm: Hardened usercopy Kees Cook
2016-07-13 21:55 ` [PATCH v2 01/11] mm: Implement stack frame object validation Kees Cook
2016-07-13 22:01 ` Andy Lutomirski
2016-07-13 22:04 ` Kees Cook
2016-07-14 5:48 ` Josh Poimboeuf
2016-07-14 18:10 ` Kees Cook
2016-07-14 19:23 ` Josh Poimboeuf
2016-07-14 21:38 ` Kees Cook
2016-07-13 21:55 ` [PATCH v2 02/11] mm: Hardened usercopy Kees Cook
2016-07-14 23:20 ` Balbir Singh
2016-07-15 1:04 ` Rik van Riel
2016-07-15 1:41 ` Balbir Singh
2016-07-15 4:05 ` Kees Cook
2016-07-15 4:53 ` Kees Cook
2016-07-15 12:55 ` Balbir Singh
2016-07-15 4:25 ` Kees Cook
2016-07-15 19:00 ` [kernel-hardening] " Daniel Micay
2016-07-15 19:14 ` Kees Cook
2016-07-15 19:19 ` Daniel Micay [this message]
2016-07-15 19:23 ` Kees Cook
2016-07-13 21:55 ` [PATCH v2 03/11] x86/uaccess: Enable hardened usercopy Kees Cook
2016-07-13 21:55 ` [PATCH v2 04/11] ARM: uaccess: " Kees Cook
2016-07-13 21:55 ` [PATCH v2 05/11] arm64/uaccess: " Kees Cook
2016-07-13 21:55 ` [PATCH v2 06/11] ia64/uaccess: " Kees Cook
2016-07-13 21:56 ` [PATCH v2 07/11] powerpc/uaccess: " Kees Cook
2016-07-13 21:56 ` [PATCH v2 08/11] sparc/uaccess: " Kees Cook
2016-07-13 21:56 ` [PATCH v2 09/11] s390/uaccess: " Kees Cook
2016-07-13 21:56 ` [PATCH v2 10/11] mm: SLAB hardened usercopy support Kees Cook
2016-07-13 21:56 ` [PATCH v2 11/11] mm: SLUB " Kees Cook
2016-07-14 10:07 ` [kernel-hardening] " Michael Ellerman
2016-07-15 2:05 ` Balbir Singh
2016-07-15 4:29 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1468610363.32683.42.camel@gmail.com \
--to=danielmicay@gmail.com \
--cc=aarcange@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=ard.biesheuvel@linaro.org \
--cc=benh@kernel.crashing.org \
--cc=bp@suse.de \
--cc=bsingharora@gmail.com \
--cc=casey@schaufler-ca.com \
--cc=catalin.marinas@arm.com \
--cc=cl@linux.com \
--cc=davem@davemloft.net \
--cc=dvyukov@google.com \
--cc=fenghua.yu@intel.com \
--cc=iamjoonsoo.kim@lge.com \
--cc=jack@suse.cz \
--cc=kernel-hardening@lists.openwall.com \
--cc=labbott@fedoraproject.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-ia64@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux@armlinux.org.uk \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=luto@kernel.org \
--cc=minipli@googlemail.com \
--cc=mpe@ellerman.id.au \
--cc=pageexec@freemail.hu \
--cc=penberg@kernel.org \
--cc=riel@redhat.com \
--cc=rientjes@google.com \
--cc=sparclinux@vger.kernel.org \
--cc=spender@grsecurity.net \
--cc=tony.luck@intel.com \
--cc=vitalywool@gmail.com \
--cc=will.deacon@arm.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).