On Thu, Sep 10, 2020 at 10:21 PM Kees Cook <keescook@xxxxxxxxxxxx> wrote: > [kees: re-sending this series on behalf of John Wood <john.wood@xxxxxxx> > also visible at https://github.com/johwood/linux fbfam] [...] > The goal of this patch serie is to detect and mitigate a fork brute force > attack. > > Attacks with the purpose to break ASLR or bypass canaries traditionaly use > some level of brute force with the help of the fork system call. This is > possible since when creating a new process using fork its memory contents > are the same as those of the parent process (the process that called the > fork system call). So, the attacker can test the memory infinite times to > find the correct memory values or the correct memory addresses without > worrying about crashing the application. For the next version of this patchset, you may want to clarify that this is intended to stop brute force attacks *against vulnerable userspace processes* that fork off worker processes. I was halfway through the patch series before I realized that.
