Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add brute forcing/rapid crash detection and mitigation #39

Open
kees opened this issue Mar 11, 2020 · 3 comments
Open

Add brute forcing/rapid crash detection and mitigation #39

kees opened this issue Mar 11, 2020 · 3 comments
Labels
[Feature] ASLR involves address space layout randomization [PATCH] Exists A patch exists to address the issue [PATCH] Submitted A patch has been submitted upstream userspace defense This defense is intended to improve the resilience of userspace programs

Comments

@kees
Copy link

kees commented Mar 11, 2020

Attacks against setuid applications traditionally end up using some level of bruce forcing to either break ASLR or otherwise wait for the right conditions on re-exec (e.g. StackClash explicitly called out this defense as foiling their attack). A setuid application or forking daemon rapidly crashing is a pretty clear signal to the kernel that something malicious (or at least resource-wasting) is happening in userspace, so it would be nice to have this detected and mitigated. This was already done in grsecurity with their CONFIG_GRKERNSEC_BRUTE.

An attempt was made to upstream this defense:
https://lore.kernel.org/linux-fsdevel/[email protected]/
But it did not continue to get developed. It needed both a CONFIG and a sysctl added. (And to have a more well described explanation for why this should not be part of the userspace libc, which is the wrong layer to detect the condition, nor to do anything about it.)
@kees kees added [PATCH] Exists A patch exists to address the issue userspace defense This defense is intended to improve the resilience of userspace programs labels Mar 11, 2020
@kees
Copy link
Author

kees commented Mar 22, 2021

https://lore.kernel.org/lkml/[email protected]/
https://lwn.net/Articles/849531/

@kees kees added the [PATCH] Submitted A patch has been submitted upstream label Mar 22, 2021
@kees kees added the [Feature] ASLR involves address space layout randomization label May 3, 2021
@kees
Copy link
Author

kees commented Nov 2, 2022

It'd be nice to get a kernel-crash detection version of this as well, for systems that don't set panic_on_oops nor panic_on_warn.

@kees
Copy link
Author

kees commented Jul 23, 2024

It'd be nice to get a kernel-crash detection version of this as well, for systems that don't set panic_on_oops nor panic_on_warn.

This is available via warn_limit and oops_limit sysctls now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
[Feature] ASLR involves address space layout randomization [PATCH] Exists A patch exists to address the issue [PATCH] Submitted A patch has been submitted upstream userspace defense This defense is intended to improve the resilience of userspace programs
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@kees