Open kees opened 4 years ago
It'd be nice to get a kernel-crash detection version of this as well, for systems that don't set `panic_on_oops` nor `panic_on_warn`.
This is available via `warn_limit` and `oops_limit` sysctls now.
Attacks against setuid applications traditionally end up using some level of brute forcing to either break ASLR or otherwise wait for the right conditions on re-exec (e.g. StackClash explicitly called out this defense as foiling their attack). A setuid application or forking daemon rapidly crashing is a pretty clear signal to the kernel that something malicious (or at least resource-wasting) is happening in userspace, so it would be nice to have this detected and mitigated. This was already done in grsecurity with their CONFIG_GRKERNSEC_BRUTE.
An attempt was made to upstream this defense: https://lore.kernel.org/linux-fsdevel/1419457167-15042-1-git-send-email-richard@nod.at/ But it did not continue to get developed. It needed both a CONFIG and a sysctl added. (And to have a more well described explanation for why this should not be part of the userspace libc, which is the wrong layer to detect the condition, nor to do anything about it.)
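The "rapidly crashing" signal described in this issue, sketched as an added monitoring-side example over kernel log lines; it is not part of the issue, the linked patch, or grsecurity. The log sample is constructed, and the program name `vulnd`, the function name, and the threshold of 5 crashes in 30 seconds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque

# Constructed sample in the shape of x86 kernel "segfault" log lines.
# "vulnd" stands in for a forking daemon whose children crash in a burst.
SAMPLE_LOG = """\
[   50.000000] editor[1500]: segfault at 0 ip 0000000000401136 sp 00007ffc00000000 error 4 in editor[401000+1000]
[  100.000000] vulnd[2001]: segfault at 7ffc00001000 ip 0000000000401136 sp 00007ffc12340000 error 6 in vulnd[401000+1000]
[  100.400000] vulnd[2002]: segfault at 7ffc00002000 ip 0000000000401136 sp 00007ffc12340000 error 6 in vulnd[401000+1000]
[  100.900000] vulnd[2003]: segfault at 7ffc00003000 ip 0000000000401136 sp 00007ffc12340000 error 6 in vulnd[401000+1000]
[  101.000000] usb 1-1: new high-speed USB device number 2 using xhci_hcd
[  101.300000] vulnd[2004]: segfault at 7ffc00004000 ip 0000000000401136 sp 00007ffc12340000 error 6 in vulnd[401000+1000]
[  101.800000] vulnd[2005]: segfault at 7ffc00005000 ip 0000000000401136 sp 00007ffc12340000 error 6 in vulnd[401000+1000]
[  102.200000] vulnd[2006]: segfault at 7ffc00006000 ip 0000000000401136 sp 00007ffc12340000 error 6 in vulnd[401000+1000]
[  400.000000] editor[1811]: segfault at 0 ip 0000000000401136 sp 00007ffc00000000 error 4 in editor[401000+1000]
"""

# "[timestamp] comm[pid]: segfault at ..."
LINE_RE = re.compile(
    r"^\[\s*(?P<ts>\d+\.\d+)\]\s+(?P<comm>[^\[\]]+)\[(?P<pid>\d+)\]: segfault at ")

def find_crash_bursts(log_text, threshold=5, window=30.0):
    """Return {comm: (count, first_ts, last_ts)} for every program that
    crashed at least `threshold` times within `window` seconds."""
    recent = defaultdict(deque)   # comm -> crash timestamps inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # not a segfault report
        ts, comm = float(m["ts"]), m["comm"]
        q = recent[comm]
        q.append(ts)
        while ts - q[0] > window: # slide the window forward
            q.popleft()
        # Keep the largest burst seen for this program.
        if len(q) >= threshold and len(q) > flagged.get(comm, (0,))[0]:
            flagged[comm] = (len(q), q[0], ts)
    return flagged

if __name__ == "__main__":
    for comm, (n, first, last) in find_crash_bursts(SAMPLE_LOG).items():
        print(f"{comm}: {n} crashes between t={first} and t={last}")
```

The key here is the task name from the log line, which a process can change, so treat a hit as a triage signal rather than an identity.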