Re: [kernel-hardening] Re: [RFC v1] implement SL*B and stack usercopy runtime checks

On Sun, Jul 03, 2011 at 12:37 -0700, Joe Perches wrote:
> On Sun, 2011-07-03 at 23:24 +0400, Vasiliy Kulikov wrote:
> > Btw, if the performance will be acceptable, what do you think about
> > logging/reacting on the spotted overflows?
> 
> If you do, it might be useful to track the found location(s)

Sure.


> and only emit the overflow log entry once as found.

Hmm, if we consider it as a purely debugging feature, then yes.  But if
we consider it as a try to block some exploitation attempt, then no.
I'd appreciate the latter.


> Maybe use __builtin_return_address(depth) for tracking.

PaX/Grsecurity uses dump_stack() and do_group_exit(SIGKILL);  If set up,
it kills all user's processes and locks the user for some time.  I don't
really propose the latter, but some reaction (to at least slow down a
blind bruteforce) might be useful.


Thanks,

-- 
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments
