Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
From: John Wood <john.wood@xxxxxxx>
Date: Fri, 12 Mar 2021 18:54:44 +0100
Cc: John Wood <john.wood@xxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, Jann Horn <jannh@xxxxxxxxxx>, Randy Dunlap <rdunlap@xxxxxxxxxxxxx>, Jonathan Corbet <corbet@xxxxxxx>, James Morris <jmorris@xxxxxxxxx>, Shuah Khan <shuah@xxxxxxxxxx>, "Serge E. Hallyn" <serge@xxxxxxxxxx>, Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>, linux-doc@xxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, linux-security-module@xxxxxxxxxxxxxxx, linux-kselftest@xxxxxxxxxxxxxxx, kernel-hardening@xxxxxxxxxxxxxxxxxx
Delivered-to: mailing list kernel-hardening@xxxxxxxxxxxxxxxxxx
In-reply-to: <20210311200517.GG203350@tassilo.jf.intel.com>
Mailing-list: contact kernel-hardening-help@xxxxxxxxxxxxxxxxxx; run by ezmlm

On Thu, Mar 11, 2021 at 12:05:17PM -0800, Andi Kleen wrote:
>
> Okay but that means that the brute force attack can just continue
> because the attacked daemon will be respawned?
>
> You need some way to stop the respawning, otherwise the
> mitigation doesn't work for daemons.
>
I will work on your solution regarding respawned daemons (use wait*() to inform
userspace that the offending processes killed by the mitigation exited due to
this mitigation -> then the supervisor can adopt their own policy).

>
> -Andi
>

Thank you very much,
John Wood

References:
- [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
  - From: John Wood
- Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
  - From: Andi Kleen
- Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
  - From: John Wood
- Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
  - From: Andi Kleen
- Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
  - From: John Wood
- Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
  - From: Andi Kleen
- Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
  - From: John Wood
- Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
  - From: Andi Kleen
- Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
  - From: John Wood
- Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
  - From: Andi Kleen

Prev by Date: Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
Next by Date: Re: [PATCH v5 1/7] mm: Restore init_on_* static branch defaults
Previous by thread: Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
Next by thread: [PATCH v5 8/8] MAINTAINERS: Add a new entry for the Brute LSM
Index(es):
- Date
- Thread

[Index of Archives] [Linux Samsung SoC] [Linux Rockchip SoC] [Linux Actions SoC] [Linux for Synopsys ARC Processors] [Linux NFS] [Linux NILFS] [Linux USB Devel] [Video for Linux] [Linux Audio Users] [Yosemite News] [Linux Kernel] [Linux SCSI]