KSPP / linux

Linux kernel source tree (Kernel Self Protection Project)
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project

Add brute forcing/rapid crash detection and mitigation #39

Open kees opened 4 years ago

kees commented 4 years ago

Attacks against setuid applications traditionally end up using some level of brute forcing to either break ASLR or otherwise wait for the right conditions on re-exec (e.g. StackClash explicitly called out this defense as foiling their attack). A setuid application or forking daemon rapidly crashing is a pretty clear signal to the kernel that something malicious (or at least resource-wasting) is happening in userspace, so it would be nice to have this detected and mitigated. This was already done in grsecurity with their CONFIG_GRKERNSEC_BRUTE.

An attempt was made to upstream this defense: https://lore.kernel.org/linux-fsdevel/1419457167-15042-1-git-send-email-richard@nod.at/ But it did not continue to get developed. It needed both a CONFIG and a sysctl added. (And to have a more well described explanation for why this should not be part of the userspace libc, which is the wrong layer to detect the condition, nor to do anything about it.)

kees commented 3 years ago

https://lore.kernel.org/lkml/20210307113031.11671-1-john.wood@gmx.com/

https://lwn.net/Articles/849531/

kees commented 1 year ago

It'd be nice to get a kernel-crash detection version of this as well, for systems that don't set panic_on_oops nor panic_on_warn.

kees commented 1 month ago

> It'd be nice to get a kernel-crash detection version of this as well, for systems that don't set panic_on_oops nor panic_on_warn.

This is available via warn_limit and oops_limit sysctls now.
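A way to check how a host is configured with respect to the sysctls named in this thread, as an added example that is not part of the issue or of the kernel tree. It assumes the documented semantics that a value of 0 in oops_limit or warn_limit disables the count and that a non-zero panic_on_oops or panic_on_warn panics on the first event; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the issue thread or the kernel tree).
# Assumed semantics: oops_limit/warn_limit = 0 means "no limit";
# non-zero panic_on_oops/panic_on_warn panics on the first event.

# read_sysctl DIR NAME: print the value, or "absent" on kernels without the knob.
read_sysctl() {
    if [ -r "$1/$2" ]; then
        tr -d '[:space:]' < "$1/$2"
    else
        printf 'absent'
    fi
}

# crash_policy DIR KIND (KIND is "oops" or "warn").
# Prints one of: panic-on-first | limit=N | unlimited
crash_policy() {
    panic=$(read_sysctl "$1" "panic_on_$2")
    limit=$(read_sysctl "$1" "${2}_limit")
    case $panic in
        absent|0|'') ;;
        *) printf 'panic-on-first\n'; return 0 ;;
    esac
    case $limit in
        absent|0|''|*[!0-9]*) printf 'unlimited\n' ;;
        *) printf 'limit=%s\n' "$limit" ;;
    esac
}

# audit DIR: print both policies; return 1 if either event type is unbounded.
audit() {
    rc=0
    for kind in oops warn; do
        policy=$(crash_policy "$1" "$kind")
        printf '%s: %s\n' "$kind" "$policy"
        if [ "$policy" = unlimited ]; then rc=1; fi
    done
    return "$rc"
}

# Check the running system by default; pass another directory to test.
audit "${1:-/proc/sys/kernel}" || printf 'repeated kernel crashes are not bounded\n'
```

A result of `unlimited` for either event type means the kernel will keep running through any number of those events, which is the case the last two comments are about.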