On Tue, 30 Mar 2021 19:34:59 +0200, John Wood said: > The question is: How can I notify to wait* functions that the task has > been killed by the "Brute" LSM. What wait* functions even *care* that your LSM was what killed it? If you're caring about somehow notifying userspace that it was your LSM specifically, remember that if your code works properly, only attackers get notified - and they can then determine "Ah, this system has Brute installed, we need to back off and fly under its radar". You're much better off sending a SIGKILL to the entire process group and be done with it. That way the bad guys get less information.
Attachment:
pgpcgjWWUBhzn.pgp
Description: PGP signature
_______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
