Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 9 Apr 2021 18:08:14 +0200
From: John Wood <>
To: Andi Kleen <>
Cc: John Wood <>,
	Valdis Klētnieks <>,, Kees Cook <>,
Subject: Re: Notify special task kill using wait* functions


On Fri, Apr 09, 2021 at 08:06:21AM -0700, Andi Kleen wrote:
> > > Any caching of state is inherently insecure because any caches of limited
> > > size can be always thrashed by a purposeful attacker. I suppose the
> > > only thing that would work is to actually write something to the
> > > executable itself on disk, but of course that doesn't always work either.
> >
> > I'm also working on this. In the next version I will try to find a way to
> > prevent brute force attacks through the execve system call with more than
> > one level of forking.
> Thanks.
> Thinking more about it what I wrote above wasn't quite right. The cache
> would only need to be as big as the number of attackable services/suid
> binaries. Presumably on many production systems that's rather small,
> so a cache (which wouldn't actually be a cache, but a complete database)
> might actually work.

Thanks. I will keep it in mind.

> -Andi

John Wood

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.