On Thu, Mar 11, 2021 at 12:05:17PM -0800, Andi Kleen wrote:
Okay but that means that the brute force attack can just continue because the attacked daemon will be respawned?
You need some way to stop the respawning, otherwise the mitigation doesn't work for daemons.
I will work on your solution regarding respawned daemons (use wait*() to inform userspace that the offending processes killed by the mitigation exited due to this mitigation -> then the supervisor can adopt their own policy).
-Andi
Thank you very much, John Wood