Date: Fri, 12 Mar 2021 18:54:44 +0100
From: John Wood
To: Andi Kleen
Cc: John Wood, Kees Cook, Jann Horn, Randy Dunlap, Jonathan Corbet, James Morris, Shuah Khan, "Serge E. Hallyn", Greg Kroah-Hartman, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kselftest@vger.kernel.org, kernel-hardening@lists.openwall.com
Subject: Re: [PATCH v5 7/8] Documentation: Add documentation for the Brute LSM
Message-ID: <20210312175444.GC3103@ubuntu>
In-Reply-To: <20210311200517.GG203350@tassilo.jf.intel.com>

On Thu, Mar 11, 2021 at 12:05:17PM -0800, Andi Kleen wrote:
>
> Okay but that means that the brute force attack can just continue
> because the attacked daemon will be respawned?
>
> You need some way to stop the respawning, otherwise the
> mitigation doesn't work for daemons.
>
I will work on your solution regarding respawned daemons (use wait*() to inform
userspace that the offending processes killed by the mitigation exited due to
this mitigation -> then the supervisor can adopt their own policy).

>
> -Andi
>

Thank you very much,
John Wood
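
The supervisor side of the idea discussed above, as an added example that is not part of the original message or of the Brute LSM patches: a supervisor reads the child's fate through waitid() and stops respawning after repeated kills. Assumptions: the thread does not define how a mitigation kill would be reported, so a CLD_KILLED/SIGKILL death is used as a stand-in; `supervise`, `worker_killed` and `worker_clean` are hypothetical names.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical workers standing in for the supervised daemon. */
static void worker_killed(void) { raise(SIGKILL); } /* dies as if killed by the mitigation */
static void worker_clean(void)  { _exit(0); }       /* normal shutdown */

/*
 * Spawn `worker` and respawn it while it keeps dying.
 * Assumption: a child reported as CLD_KILLED with SIGKILL counts as
 * "killed by the mitigation"; the real kernel-to-userspace indication
 * is not specified in the thread.
 * Returns the number of spawns performed, or -1 on error.
 */
int supervise(void (*worker)(void), int max_mitigation_kills)
{
    int spawns = 0, kills = 0;

    for (;;) {
        pid_t pid = fork();
        if (pid < 0)
            return -1;
        if (pid == 0) {
            worker();
            _exit(0);
        }
        spawns++;

        siginfo_t info = {0};
        if (waitid(P_PID, (id_t)pid, &info, WEXITED) < 0)
            return -1;

        if (info.si_code == CLD_EXITED && info.si_status == 0)
            return spawns;              /* clean exit: nothing to respawn */
        if (info.si_code == CLD_KILLED && info.si_status == SIGKILL &&
            ++kills >= max_mitigation_kills)
            return spawns;              /* policy: stop respawning the target */
        /* any other death: respawn, as an ordinary supervisor would */
    }
}

int main(void)
{
    printf("spawns before giving up: %d\n", supervise(worker_killed, 3));
    return 0;
}
```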