On Sun, Jul 03, 2011 at 12:37 -0700, Joe Perches wrote:
> On Sun, 2011-07-03 at 23:24 +0400, Vasiliy Kulikov wrote:
> > Btw, if the performance will be acceptable, what do you think about
> > logging/reacting on the spotted overflows?
>
> If you do, it might be useful to track the found location(s)

Sure.

> and only emit the overflow log entry once as found.

Hmm, if we consider it as a purely debugging feature, then yes. But if we
consider it as a try to block some exploitation attempt, then no. I'd
appreciate the latter.

> Maybe use __builtin_return_address(depth) for tracking.

PaX/Grsecurity uses dump_stack() and do_group_exit(SIGKILL); if set up, it
kills all user's processes and locks the user for some time. I don't
really propose the latter, but some reaction (to at least slow down a
blind bruteforce) might be useful.

Thanks,

--
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments