Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Andi Kleen <ak@xxxxxxxxxxxxxxx>
Subject: Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
From: John Wood <john.wood@xxxxxxx>
Date: Fri, 12 Mar 2021 18:54:44 +0100
Cc: John Wood <john.wood@xxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, Jann Horn <jannh@xxxxxxxxxx>, Randy Dunlap <rdunlap@xxxxxxxxxxxxx>, Jonathan Corbet <corbet@xxxxxxx>, James Morris <jmorris@xxxxxxxxx>, Shuah Khan <shuah@xxxxxxxxxx>, "Serge E. Hallyn" <serge@xxxxxxxxxx>, Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>, linux-doc@xxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, linux-security-module@xxxxxxxxxxxxxxx, linux-kselftest@xxxxxxxxxxxxxxx, kernel-hardening@xxxxxxxxxxxxxxxxxx
In-reply-to: <20210311200517.GG203350@tassilo.jf.intel.com>
References: <20210227153013.6747-8-john.wood@gmx.com> <878s78dnrm.fsf@linux.intel.com> <20210302183032.GA3049@ubuntu> <20210307151920.GR472138@tassilo.jf.intel.com> <20210307164520.GA16296@ubuntu> <20210307172540.GS472138@tassilo.jf.intel.com> <20210307180541.GA17108@ubuntu> <20210307224927.GT472138@tassilo.jf.intel.com> <20210309184054.GA3058@ubuntu> <20210311200517.GG203350@tassilo.jf.intel.com>

On Thu, Mar 11, 2021 at 12:05:17PM -0800, Andi Kleen wrote:
>
> Okay but that means that the brute force attack can just continue
> because the attacked daemon will be respawned?
>
> You need some way to stop the respawning, otherwise the
> mitigation doesn't work for daemons.
>
I will work on your solution regarding respawned daemons (use wait*() to inform
userspace that the offending processes killed by the mitigation exited due to
this mitigation -> then the supervisor can adopt their own policy).

>
> -Andi
>

Thank you very much,
John Wood

References:
- [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
  - From: John Wood
- Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
  - From: Andi Kleen
- Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
  - From: John Wood
- Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
  - From: Andi Kleen
- Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
  - From: John Wood
- Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
  - From: Andi Kleen
- Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
  - From: John Wood
- Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
  - From: Andi Kleen
- Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
  - From: John Wood
- Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
  - From: Andi Kleen

Prev by Date: Re: [Patch v3 0/2] cgroup: New misc cgroup controller
Next by Date: Re: [PATCH v18 4/9] mm: hugetlb: alloc the vmemmap pages associated with each HugeTLB page
Previous by thread: Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
Next by thread: [PATCH v5 8/8] MAINTAINERS: Add a new entry for the Brute LSM
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Linux FS] [Yosemite Forum] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper] [Linux Resources]