Re: [RFC PATCH 6/6] security/fbfam: Mitigate a fork brute force attack

2020-09-19 Thread John Wood
On Fri, Sep 18, 2020 at 02:35:12PM -0700, Kees Cook wrote: > On Fri, Sep 18, 2020 at 06:02:16PM +0200, John Wood wrote: > > On Thu, Sep 10, 2020 at 04:56:19PM -0700, Kees Cook wrote: > > > On Thu, Sep 10, 2020 at 01:21:07PM -0700, Kees Cook wrote: > > > > + pr_warn("fbfam: Offending p

Re: [RFC PATCH 6/6] security/fbfam: Mitigate a fork brute force attack

2020-09-18 Thread Kees Cook
On Fri, Sep 18, 2020 at 06:02:16PM +0200, John Wood wrote: > On Thu, Sep 10, 2020 at 04:56:19PM -0700, Kees Cook wrote: > > On Thu, Sep 10, 2020 at 01:21:07PM -0700, Kees Cook wrote: > > > + pr_warn("fbfam: Offending process with PID %d killed\n", > > > + p->pid); > > > > I'

Re: [RFC PATCH 6/6] security/fbfam: Mitigate a fork brute force attack

2020-09-18 Thread John Wood
On Thu, Sep 10, 2020 at 04:56:19PM -0700, Kees Cook wrote: > On Thu, Sep 10, 2020 at 01:21:07PM -0700, Kees Cook wrote: > > /** > > + * fbfam_kill_tasks() - Kill the offending tasks > > + * > > + * When a fork brute force attack is detected it is necessary to kill all > > the > > + * offending ta

Re: [RFC PATCH 6/6] security/fbfam: Mitigate a fork brute force attack

2020-09-10 Thread Jann Horn
On Fri, Sep 11, 2020 at 1:56 AM Kees Cook wrote: > On Thu, Sep 10, 2020 at 01:21:07PM -0700, Kees Cook wrote: > > From: John Wood > > > > In order to mitigate a fork brute force attack it is necessary to kill > > all the offending tasks. These tasks are all the ones that share the > > statistical

Re: [RFC PATCH 6/6] security/fbfam: Mitigate a fork brute force attack

2020-09-10 Thread Kees Cook
On Thu, Sep 10, 2020 at 01:21:07PM -0700, Kees Cook wrote: > From: John Wood > > In order to mitigate a fork brute force attack it is necessary to kill > all the offending tasks. These tasks are all the ones that share the > statistical data with the current task (the task that has crashed). > >

Re: [RFC PATCH 6/6] security/fbfam: Mitigate a fork brute force attack

2020-09-10 Thread Jann Horn
On Thu, Sep 10, 2020 at 10:22 PM Kees Cook wrote: > In order to mitigate a fork brute force attack it is necessary to kill > all the offending tasks. These tasks are all the ones that share the > statistical data with the current task (the task that has crashed). > > Since the attack detection is d

[RFC PATCH 6/6] security/fbfam: Mitigate a fork brute force attack

2020-09-10 Thread Kees Cook
From: John Wood In order to mitigate a fork brute force attack it is necessary to kill all the offending tasks. These tasks are all the ones that share the statistical data with the current task (the task that has crashed). Since the attack detection is done in the function fbfam_handle_attack()