Re: [kernel-hardening] Re: [PATCH v2 02/11] mm: Hardened usercopy

From: Daniel Micay
Date: Fri Jul 15 2016 - 15:19:56 EST

Next message: SF Markus Elfring: "[PATCH] drm/vc4: Delete unnecessary checks before two function calls"
Previous message: James Smart: "Re: [PATCH 1/2] scsi: lpfc: avoid harmless comparison warning"
In reply to: Kees Cook: "Re: [kernel-hardening] Re: [PATCH v2 02/11] mm: Hardened usercopy"
Next in thread: Kees Cook: "Re: [kernel-hardening] Re: [PATCH v2 02/11] mm: Hardened usercopy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> I'd like it to dump stack and be fatal to the process involved, but
> yeah, I guess BUG() would work. Creating an infrastructure for
> handling security-related Oopses can be done separately from this
> (and
> I'd like to see that added, since it's a nice bit of configurable
> reactivity to possible attacks).

In grsecurity, the oops handling also uses do_group_exit instead of
do_exit but both that change (or at least the option to do it) and the
exploit handling could be done separately from this without actually
needing special treatment for USERCOPY. Could expose is as something
like panic_on_oops=2 as a balance between the existing options.

Attachment: signature.asc
Description: This is a digitally signed message part

Next message: SF Markus Elfring: "[PATCH] drm/vc4: Delete unnecessary checks before two function calls"
Previous message: James Smart: "Re: [PATCH 1/2] scsi: lpfc: avoid harmless comparison warning"
In reply to: Kees Cook: "Re: [kernel-hardening] Re: [PATCH v2 02/11] mm: Hardened usercopy"
Next in thread: Kees Cook: "Re: [kernel-hardening] Re: [PATCH v2 02/11] mm: Hardened usercopy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]