[RESEND][RFC PATCH 0/6] Fork brute force attack mitigation (fbfam)
Jann Horn
jannh at google.com
Thu Sep 10 20:39:04 UTC 2020
On Thu, Sep 10, 2020 at 10:21 PM Kees Cook <keescook at chromium.org> wrote:
> [kees: re-sending this series on behalf of John Wood <john.wood at gmx.com>
> also visible at https://github.com/johwood/linux fbfam]
[...]
> The goal of this patch serie is to detect and mitigate a fork brute force
> attack.
>
> Attacks with the purpose to break ASLR or bypass canaries traditionaly use
> some level of brute force with the help of the fork system call. This is
> possible since when creating a new process using fork its memory contents
> are the same as those of the parent process (the process that called the
> fork system call). So, the attacker can test the memory infinite times to
> find the correct memory values or the correct memory addresses without
> worrying about crashing the application.
For the next version of this patchset, you may want to clarify that
this is intended to stop brute force attacks *against vulnerable
userspace processes* that fork off worker processes. I was halfway
through the patch series before I realized that.
More information about the Linux-security-module-archive
mailing list