On 13/12/13 20:20, Vegard Nossum wrote:
> On 12/13/2013 12:50 AM, Ryan Mallon wrote:
>> On 13/12/13 08:13, Kees Cook wrote:
>>> On Thu, Dec 12, 2013 at 11:06 AM, Theodore Ts'o <ty...@mit.edu> wrote:
>>>> On Thu, Dec 12, 2013 at 05:52:24PM +0100, vegard.nos...@oracle.com wrote:
>>>>> The idea is simple -- since different kernel versions are vulnerable to
>>>>> different root exploits, hackers most likely try multiple exploits before
>>>>> they actually succeed.
>>
>> The _exploit() notifications could also be used to spam the syslogs.
>> Although they are individually ratelimited, if there are enough
>> _exploit() markers in the kernel then an annoying person can cycle
>> through them all to generate large amounts of useless syslog.
>
> They are rate limited collectively, not individually, so this should not be
> an issue.
Yes, sorry, I misread the code.
I wonder if the exploit() function name should be changed though. Having:
exploit("CVE-xxxx");
In the code looks like some sort of injection/testing framework. Maybe:
warn_known_exploit("CVE-xxxx");
would be clearer?
~Ryan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
