Hi all, I'd like to know whether there is any way to protect from kernel vulnerabilities like CVE-2016-5195 (mad COW) using hardening technologies. (I'm not talking about how to fix this exact CVE, but how to protect from similar failures in the future.)
Based on the published exploit I can think of the following approaches:

1) The exploit runs an enormous number of madvise() calls. Is there any way to rate limit it or block it after some threshold is reached? I doubt there is any legitimate use case for calling madvise() that often.

2) The exploit uses a huge rate of write() calls, and most of them fail due to access restrictions. This is definitely suspicious. Can such behaviour be spotted and blocked by some security feature?

3) Can some hardware features like Intel TSX be used to protect from such race conditions?

Best regards,
Andrew Savchenko
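One way to prototype heuristics 1) and 2) from the question on trace data, added here as an illustration and not part of the original post or of any kernel feature: it assumes strace-style lines (pid, epoch timestamp, call, result) and runs over a constructed trace in which one pid hammers madvise() and failing write() while another makes a few ordinary calls.

```python
import re
from collections import defaultdict, deque

# Constructed strace-like trace (pid, "-ttt"-style timestamp, call, result).
# This is sample input built for the example, not real tool output.
SAMPLE_TRACE = "\n".join(
    [f"4242 1477000000.{i:06d} madvise(0x7f0000000000, 4096, MADV_DONTNEED) = 0"
     for i in range(0, 60000, 1000)]                                 # 60 calls in 59 ms
    + [f'4242 1477000000.{i:06d} write(3, "x", 1) = -1 EACCES (Permission denied)'
       for i in range(500, 40500, 1000)]                             # 40 failed writes
    + [f"7 {1477000000 + i}.000000 madvise(0x7f0000001000, 4096, MADV_DONTNEED) = 0"
       for i in range(3)]                                            # 3 calls in 3 s
    + ['7 1477000004.000000 write(1, "ok", 2) = 2']
)

LINE_RE = re.compile(
    r"^(?P<pid>\d+)\s+(?P<ts>\d+\.\d+)\s+(?P<call>\w+)\(.*\)\s*=\s*(?P<ret>-?\d+)"
)


def parse(text):
    """Yield (pid, timestamp, syscall, return value) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield int(m["pid"]), float(m["ts"]), m["call"], int(m["ret"])


def scan(text, window=1.0, madvise_limit=50, failed_write_limit=30):
    """Flag pids whose madvise() count or failed-write() count exceeds a limit
    inside any sliding window of `window` seconds (thresholds are assumed
    values, not tuned figures). Returns {(pid, kind): peak count in window}.
    Lines for a given pid and kind are assumed to be in time order."""
    limits = {"madvise": madvise_limit, "failed_write": failed_write_limit}
    windows = defaultdict(deque)   # (pid, kind) -> timestamps still inside window
    alerts = {}
    for pid, ts, call, ret in parse(text):
        if call == "madvise":
            kind = "madvise"
        elif call == "write" and ret < 0:
            kind = "failed_write"
        else:
            continue                                  # not a heuristic of interest
        q = windows[(pid, kind)]
        q.append(ts)
        while q and ts - q[0] > window:               # drop events older than window
            q.popleft()
        if len(q) > limits[kind]:
            alerts[(pid, kind)] = max(alerts.get((pid, kind), 0), len(q))
    return alerts
```

Rate heuristics like this only raise an alert after the burst; a real enforcement point would have to sit in a kernel-side hook or a syscall filter, which is the part the question is asking about.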