| 1 |
On 13 Feb 2008 at 15:07, Geoff Kassel wrote: |
| 2 |
|
| 3 |
> Speaking of PaX, another great, impossible thing would be to have a |
| 4 |
> kernel-level feature for handling PaX violations in a less violent manner |
| 5 |
> (core dumps are violent, in my mind) |
| 6 |
|
| 7 |
coredumps are subject to the usual rlimit, so it's under userland control. |
| 8 |
|
| 9 |
> - perhaps suspension of the process in question until investigated, |
| 10 |
|
| 11 |
problem with this is DoS (exhaustion of RLIMIT_NPROC, not to mention all the |
| 12 |
memory and other resources used by the process). probably not a problem for |
| 13 |
a malicious local user as he'll just lock himself out but for a system service |
| 14 |
(think apache or mysql) it is. |
| 15 |
|
| 16 |
> with the possibility of resumption |
| 17 |
|
| 18 |
this is not possible as the page fault that triggered PaX would just |
| 19 |
occur again, ad infinitum. i.e., the userland process cannot make forward |
| 20 |
progress (the non-executable or unmapped page where the fault occured will |
| 21 |
stay so), the kernel must do something about it. |
| 22 |
|
| 23 |
> (Perhaps I'm just unaware of an already existing feature.) Again, an |
| 24 |
> upstream issue. |
| 25 |
|
| 26 |
here's upstream ;-). |
| 27 |
|
| 28 |
-- |
| 29 |
gentoo-hardened@l.g.o mailing list |
Archives