Re: [BUG] perf: bogus correlation of kernel symbols

From: Ingo Molnar
Date: Fri May 20 2011 - 14:43:20 EST



* Dan Rosenberg <drosenberg@xxxxxxxxxxxxx> wrote:

> At least one distro (Red Hat) ships with panic_on_oops enabled by default, so
> attackers don't get more than one chance. Likewise, vulnerabilities in
> interrupt context will only have one chance, as will any issue where failed
> exploitation prevents subsequent attempts, as is frequently the case due to
> failures to clean up locking primitives on an OOPS.

So it's basically a last line of defense: the attacker has to assume the risk
of the attack being detected.

That has a chilling effect on some types of attacks: especially those where the
attacker goes against a high value target with a zero day kernel exploit.
Risking a crash does not just mean possibly alerting the target, but also means
possibly losing the zero-day exploit - if that oops log gets to a kernel
developer who starts wondering about the weird backtrace.

Thanks,

Ingo