On Fri, Jul 15, 2016 at 12:19 PM, Daniel Micay <danielmi...@gmail.com> wrote: >> I'd like it to dump stack and be fatal to the process involved, but >> yeah, I guess BUG() would work. Creating an infrastructure for >> handling security-related Oopses can be done separately from this >> (and >> I'd like to see that added, since it's a nice bit of configurable >> reactivity to possible attacks). > > In grsecurity, the oops handling also uses do_group_exit instead of > do_exit but both that change (or at least the option to do it) and the > exploit handling could be done separately from this without actually > needing special treatment for USERCOPY. Could expose is as something > like panic_on_oops=2 as a balance between the existing options.
I'm also uncomfortable about BUG() being removed by unsetting CONFIG_BUG, but that seems unlikely. :) -Kees -- Kees Cook Chrome OS & Brillo Security _______________________________________________ Linuxppc-dev mailing list Linuxppc-dev@lists.ozlabs.org https://lists.ozlabs.org/listinfo/linuxppc-dev
