Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp679148pxf; Thu, 11 Mar 2021 12:08:37 -0800 (PST) X-Google-Smtp-Source: ABdhPJwtUkOlR2oTr3GQmf1s+2kREz63IP/U9IwohKus4hwpVNCoFg6CLc6fZguBagu0sbxO0TP7 X-Received: by 2002:a17:906:ef2:: with SMTP id x18mr4858578eji.323.1615493317035; Thu, 11 Mar 2021 12:08:37 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1615493317; cv=none; d=google.com; s=arc-20160816; b=zALxTU6ZGHCgLG65aGPJxc3lt+f1XNCxa17jqh+bmNTuIW8VxkRvnKT7tuN7U2iWoU AnXAH1tcGE3ubItKBBoM4zt1NQ211Yb9trE20gMqRmXFF16vugpSGUgDzLRanApQpUK9 c8FKO5p0+05ydSyHQtdIvT6tH7dsLaRNLWGkAp/F3ZoXQOIp2qnf7Gqp+OzfPFEyuEqB g2/h+qfNmGQS0crQPXOjdbRLlTdykP0SEbC94NWgK0cBI8HwunyM91KKOmN0ROWcH2Nr 2jDZglqOykctzdQVGl8ULEjeGN8a74sf5ZbyDKwM4Xvu5/B775jfzByy7jxpoGJSzxRp ivDA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:ironport-sdr :ironport-sdr; bh=A9KanVpmKT25sUu4EpKwLvU9M3ESIZ5rNu0YRbAVm7E=; b=oEtJcEuqvpvdw1Vuw/fGXfy+7KJ1Vxz4DlWVgkpyBFsUPv662SReUfEQuEZEVMa3zw jVciT2ekTEi/wmuR/F6tKsEOFMGFES/6yf5+QC4Issj0gf8gair1p81eGKsR567EkH5v bWPJaMSEQL3xA/98PZoWwBFXg0kF5pS6bBaHkj+YBBf3SU6UwlMj8gMFCkVzCk7aW9Kv t6ZRbtw47oykiobqLs0qIaYUfHPXuiufn/iyvUWAb9tsgZDjHX9/dVH1K5f+doPcw4EZ XybpB/RnGMMt4K32OZk+WY6ZFAckf2mlaKPTD4qMTQVvXAl3+LqyPUGiT5vyp6A9B9ht 8GZw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id e13si2318821edz.432.2021.03.11.12.08.12; Thu, 11 Mar 2021 12:08:37 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230107AbhCKUFa (ORCPT + 99 others); Thu, 11 Mar 2021 15:05:30 -0500 Received: from mga09.intel.com ([134.134.136.24]:58151 "EHLO mga09.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229796AbhCKUFT (ORCPT ); Thu, 11 Mar 2021 15:05:19 -0500 IronPort-SDR: XquBZnu7ATEmIQVLbQ1U5CdsHaHy8IQk2s7+N9ADE5dOTghvr1gi0a0o3a34+abuv+r0ECOxQO YGjW0Xgfys1g== X-IronPort-AV: E=McAfee;i="6000,8403,9920"; a="188828700" X-IronPort-AV: E=Sophos;i="5.81,241,1610438400"; d="scan'208";a="188828700" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Mar 2021 12:05:19 -0800 IronPort-SDR: FbBl7vt7kRG6veBODarDsB6owtweSKVaX9+h//dt0YVjEZAl/r6yUr3KXsCzySdt6nLFYsX+T2 3OzFsKxYCx8w== X-IronPort-AV: E=Sophos;i="5.81,241,1610438400"; d="scan'208";a="387131641" Received: from tassilo.jf.intel.com ([10.54.74.11]) by orsmga002-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Mar 2021 12:05:18 -0800 Date: Thu, 11 Mar 2021 12:05:17 -0800 From: Andi Kleen To: John Wood Cc: Kees Cook , Jann Horn , Randy Dunlap , Jonathan Corbet , James Morris , Shuah Khan , "Serge E. Hallyn" , Greg Kroah-Hartman , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kselftest@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM Message-ID: <20210311200517.GG203350@tassilo.jf.intel.com> References: <20210227153013.6747-1-john.wood@gmx.com> <20210227153013.6747-8-john.wood@gmx.com> <878s78dnrm.fsf@linux.intel.com> <20210302183032.GA3049@ubuntu> <20210307151920.GR472138@tassilo.jf.intel.com> <20210307164520.GA16296@ubuntu> <20210307172540.GS472138@tassilo.jf.intel.com> <20210307180541.GA17108@ubuntu> <20210307224927.GT472138@tassilo.jf.intel.com> <20210309184054.GA3058@ubuntu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210309184054.GA3058@ubuntu> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Thanks. Okay but that means that the brute force attack can just continue because the attacked daemon will be respawned? You need some way to stop the respawning, otherwise the mitigation doesn't work for daemons. -Andi