On Fri, Jul 15, 2016 at 12:19 PM, Daniel Micay <danielmicay@xxxxxxxxx> wrote:
>> I'd like it to dump stack and be fatal to the process involved, but
>> yeah, I guess BUG() would work. Creating an infrastructure for
>> handling security-related Oopses can be done separately from this
>> (and I'd like to see that added, since it's a nice bit of configurable
>> reactivity to possible attacks).
>
> In grsecurity, the oops handling also uses do_group_exit instead of
> do_exit but both that change (or at least the option to do it) and the
> exploit handling could be done separately from this without actually
> needing special treatment for USERCOPY. Could expose it as something
> like panic_on_oops=2 as a balance between the existing options.

I'm also uncomfortable about BUG() being removed by unsetting
CONFIG_BUG, but that seems unlikely. :)

-Kees

--
Kees Cook
Chrome OS & Brillo Security