On Thu, 2 Jun 2022 19:39:14 +0300 Dmitry V. Levin wrote:
> Hi,
> 
> On Thu, Jun 02, 2022 at 07:15:11PM +0400, Alexey Sheplyakov wrote:
> > Hi,
> > 
> > On Thu, Jun 02, 2022 at 03:31:00AM +0300, Vitaly Chikunov wrote:
> > > The GRKERNSEC_PERF_HARDEN feature extracted from grsecurity.  Adds the
> > > option to disable perf_event_open() entirely for unprivileged users.
> > > This standalone version doesn't include making the variable read-only
> > > (or renaming it).
> > > 
> > > When kernel.perf_event_open is set to 3 (or greater), disallow all
> > > access to performance events by users without CAP_SYS_ADMIN.
> > > Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that
> > > makes this value the default.
> > 
> > No, thanks. Profiling on Linux is already more diffucult than it should be
> > Making things even more complicated is not appreciated at all.
> 
> Since the kernel we are talking about is an universal kernel, it has to
> suit needs of both those who care about basic security and those who do
> profiling.  Thus, a patch that makes this control runtime configurable
> is a long awaited one.  The only aspect worth discussing is the default
> behaviour.
 
We should be consistent is this behaviour. Why do we have ptrace
allowed for unprivileged users then? It provides a broad scope for
attacks.

We should set /proc/sys/kernel/yama/ptrace_scope to at least 2 by
default. Though this is not a kernel-configurable option, but
a sysctl's one.

Best regards,
Andrew Savchenko