Notify special task kill using wait* functions
Valdis Kl=?utf-8?Q?=c4=93?=tnieks
valdis.kletnieks at vt.edu
Tue Mar 30 14:40:38 EDT 2021
On Tue, 30 Mar 2021 19:34:59 +0200, John Wood said:
> The question is: How can I notify to wait* functions that the task has
> been killed by the "Brute" LSM.
What wait* functions even *care* that your LSM was what killed it?
If you're caring about somehow notifying userspace that it was your LSM
specifically, remember that if your code works properly, only attackers
get notified - and they can then determine "Ah, this system has Brute installed,
we need to back off and fly under its radar".
You're much better off sending a SIGKILL to the entire process group
and be done with it. That way the bad guys get less information.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20210330/5aff1bc8/attachment.sig>
More information about the Kernelnewbies
mailing list