Date: Sun, 11 Apr 2021 10:46:02 +0200
From: John Wood <john.wood@....com>
To: Valdis Klētnieks <valdis.kletnieks@...edu>, Andi Kleen <ak@...ux.intel.com>
Cc: John Wood <john.wood@....com>, kernelnewbies@...nelnewbies.org, Kees Cook <keescook@...omium.org>, kernel-hardening@...ts.openwall.com
Subject: Re: Notify special task kill using wait* functions

Hi,

On Fri, Apr 09, 2021 at 07:28:20PM -0400, Valdis Klētnieks wrote:
> On Fri, 09 Apr 2021 08:06:21 -0700, Andi Kleen said:
>
> > Thinking more about it what I wrote above wasn't quite right. The cache
> > would only need to be as big as the number of attackable services/suid
> > binaries. Presumably on many production systems that's rather small,
> > so a cache (which wouldn't actually be a cache, but a complete database)
> > might actually work.
>
> You also need to consider non-suid things called by suid things that don't
> sanitize input sufficiently before invocation...
>
> Thinking about it - is it really a good thing to try to do this in kernelspace?
> Or is 'echo 1 > /proc/sys/kernel/print-fatal-signals' and a program to watch
> the dmesg and take action more appropriate? A userspace monitor would
> have more options (though a slightly higher risk of race conditions).
>

Thanks for the ideas. I need some time to send a formal proposal that works
properly. I would like to get feedback at that moment. I think it would be
better to discuss the real patch.

Again, thanks.
John Wood
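The userspace alternative Valdis sketches above (print-fatal-signals plus a program watching dmesg), as an added example that is not part of this thread or of John Wood's patch: a monitor that attributes each fatal-signal report to the crashing program and raises an alert when one program crashes repeatedly inside a time window, which is the brute-force pattern the kernel-side proposal is meant to catch. The dmesg line shapes, the program names and the thresholds are assumptions of this example, not anything stated in the thread.

```python
import re
from collections import defaultdict, deque

# Assumed line shapes: the pr_info() text of print_fatal_signal() in kernel/signal.c
# and the "PID: ... Comm: ..." header show_regs() prints right after it.
TS_RE = re.compile(r"^\[\s*([\d.]+)\]")
FATAL_RE = re.compile(r"potentially unexpected fatal signal (\d+)\.")
COMM_RE = re.compile(r"PID: (\d+) Comm: (\S+)")

def scan(lines, threshold=3, window=60.0):
    """Attribute each fatal-signal report to a program name; return (comm, signr, count)
    for every crash that pushes one program over `threshold` crashes in `window` seconds."""
    pending = None                   # signal number awaiting its Comm: line
    crashes = defaultdict(deque)     # comm -> timestamps of recent crashes
    alerts = []
    for line in lines:
        ts_m = TS_RE.match(line)
        if not ts_m:
            continue
        ts = float(ts_m.group(1))
        m = FATAL_RE.search(line)
        if m:
            pending = int(m.group(1))    # task name arrives on the register-dump line
            continue
        m = COMM_RE.search(line)
        if m is None or pending is None:
            continue
        signr, pending = pending, None
        q = crashes[m.group(2)]
        q.append(ts)
        while q and ts - q[0] > window:  # forget crashes outside the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((m.group(2), signr, len(q)))
    return alerts

# Constructed sample dmesg output, not captured from a real system.
SAMPLE_DMESG = """\
[  100.000000] potentially unexpected fatal signal 11.
[  100.000100] CPU: 0 PID: 1201 Comm: suid-svc Not tainted 5.11.0 #1
[  101.500000] potentially unexpected fatal signal 11.
[  101.500100] CPU: 1 PID: 1202 Comm: suid-svc Not tainted 5.11.0 #1
[  102.000000] potentially unexpected fatal signal 6.
[  102.000100] CPU: 0 PID: 1300 Comm: other Not tainted 5.11.0 #1
[  103.000000] potentially unexpected fatal signal 11.
[  103.000100] CPU: 0 PID: 1203 Comm: suid-svc Not tainted 5.11.0 #1
"""
```

Run against the sample, `scan(SAMPLE_DMESG.splitlines())` reports the third suid-svc crash; the "take action" step (rate-limiting the service, alerting an operator) is left to the caller.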