Re: [PATCH] [RFC] Deter exploit bruteforcing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri 2015-01-02 23:32:35, Jiri Kosina wrote:
> On Fri, 2 Jan 2015, Pavel Machek wrote:
> 
> > > > Can the slowdown be impelmented in glibc, then?
> > > 
> > > glibc has a lot of asserts where it can detect stack smashing and kills the
> > > current process using abort(). Here it could of course also call
> > > sleep().
> > 
> > Please do it in glibc, then.
> 
> You also want to protect against binaries that are evil on purpose,
> right?

Umm. No. Not by default. We don't want to break crashme or trinity by
default.

We want to delay people trying to bruteforce glibc canaries. We want
to do it by default.

								Pavel

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]
  Powered by Linux