Date: Sat, 20 Jun 2020 16:42:34 +0200 From: Solar Designer <solar@...nwall.com> To: lkrg-users@...ts.openwall.com Subject: Re: Yes, Yes, Yes,p_lkrg has detected dangerous exploits. ;) Hi Jacek, On Sat, Jun 20, 2020 at 03:56:22PM +0200, Jacek wrote: > Finally p_lkrg revealed its activities, I found the following messages > in dmesg: > > Jun 19 11:57:22 domek kernel: [46870.845646] [p_lkrg] <Exploit > Detection> ON process[3619 | thunderbird] has corrupted 'off' flag! > Jun 19 11:57:22 domek kernel: [46870.847161] [p_lkrg] <Exploit > Detection> Trying to kill process[AudioIPC Server | 3619]! > Jun 19 11:57:23 domek kernel: [46872.579300] [p_lkrg] <Exploit > Detection> ON process[400 | firefox] has corrupted 'off' flag! > Jun 19 11:57:23 domek kernel: [46872.580099] [p_lkrg] <Exploit > Detection> Trying to kill process[Cache2 I/O | 400]! Ouch. Are you able to reproduce this? Please set log_level=4 (via sysctl or module parameter), so that we have more detailed messages next time this occurs. (That log level is not suitable for production use. Please only use it while we debug this.) It could also make sense to try reverting the below commit (which might or might not be relevant), but we'd be more interested in having the issue reproduced with intact LKRG and verbose logging first, as above. commit 8c1a55f7e0105656802d290fc7240c894eb904e0 Author: Adam_pi3 <pi3@....com.pl> Date: Wed May 13 17:38:19 2020 -0400 Improve performance for flag validation Thanks, Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.