On Sat, 03 Apr 2021 09:02:26 +0200, John Wood said: > Currently, the scenario you propose is fully mitigated :). And notifying to > userspace that all the tasks has been killed by "Brute" not decrease the > security. It adds the possibility that the supervisor adopts the correct > policy.
So how do you figure out how far up the chain you kill processes? What does a triple or quadruple fork do? How do you ensure that you deliver the notification to the correct supervisor? (Hint - walking backwards until you hit a process running as root isn't necessarily the right answer, especially once you consider containers and systems where gdm runs as non-root and other weird stuff..) Bonus points if you deal correctly with abuse of LD_PRELOAD to front-end a signal handler that catches SIGSEGV, without breaking the semantics of legitimate signal handlers...
pgpzw8edXv6Ae.pgp
Description: PGP signature
_______________________________________________ Kernelnewbies mailing list Kernelnewbies@kernelnewbies.org https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
