From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on sa.local.altlinux.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=unavailable autolearn_force=no version=3.4.1 Date: Fri, 3 Jun 2022 09:25:46 +0300 From: Andrey Savchenko To: ALT Linux kernel packages development Message-Id: <20220603092546.80db0c808ac37505e966d227@altlinux.org> In-Reply-To: <20220602163914.GB11775@altlinux.org> References: <20220602003100.524482-1-vt@altlinux.org> <20220602163914.GB11775@altlinux.org> X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; x86_64-alt-linux-gnu) Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="PGP-SHA512"; boundary="Signature=_Fri__3_Jun_2022_09_25_46_+0300_c5_PnJTeepbh6_qA" Subject: Re: [d-kernel] [PATCH] UBUNTU: SAUCE: security, perf: Allow further restriction of perf_event_open X-BeenThere: devel-kernel@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: ALT Linux kernel packages development List-Id: ALT Linux kernel packages development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Jun 2022 06:25:54 -0000 Archived-At: List-Archive: List-Post: --Signature=_Fri__3_Jun_2022_09_25_46_+0300_c5_PnJTeepbh6_qA Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, 2 Jun 2022 19:39:14 +0300 Dmitry V. Levin wrote: > Hi, >=20 > On Thu, Jun 02, 2022 at 07:15:11PM +0400, Alexey Sheplyakov wrote: > > Hi, > >=20 > > On Thu, Jun 02, 2022 at 03:31:00AM +0300, Vitaly Chikunov wrote: > > > The GRKERNSEC_PERF_HARDEN feature extracted from grsecurity. Adds the > > > option to disable perf_event_open() entirely for unprivileged users. > > > This standalone version doesn't include making the variable read-only > > > (or renaming it). > > >=20 > > > When kernel.perf_event_open is set to 3 (or greater), disallow all > > > access to performance events by users without CAP_SYS_ADMIN. > > > Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that > > > makes this value the default. > >=20 > > No, thanks. Profiling on Linux is already more diffucult than it should= be > > Making things even more complicated is not appreciated at all. >=20 > Since the kernel we are talking about is an universal kernel, it has to > suit needs of both those who care about basic security and those who do > profiling. Thus, a patch that makes this control runtime configurable > is a long awaited one. The only aspect worth discussing is the default > behaviour. =20 We should be consistent is this behaviour. Why do we have ptrace allowed for unprivileged users then? It provides a broad scope for attacks. We should set /proc/sys/kernel/yama/ptrace_scope to at least 2 by default. Though this is not a kernel-configurable option, but a sysctl's one. Best regards, Andrew Savchenko --Signature=_Fri__3_Jun_2022_09_25_46_+0300_c5_PnJTeepbh6_qA Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE63ZIHsdeM+1XgNer9lNaM7oe5I0FAmKZqWoACgkQ9lNaM7oe 5I3Mag//WgqN+L2aKRaZLCF/WV5rWQPEnXZL34aEzoOXcAcq6vr8btqk8tYNwRQR +rzcGefbPQtbinzFmv0ALxqhDUg3fHKxfq9h7mjKaGVjHFDmyW5zN/GmnZzTL9px zWKsye2453V6jciAozEbBqtYiFecPbg0f9TEByQPHKQV5AnJWnc8mVrgkZ4U9oq/ nVqphwl2j2gqHqnGvNS4ytm2HMw0KQXdDThRyJrhoIL+aUvNaAN9HCjfCKbvz8t8 hm9QIwYMULccGbgFL+lqMstzoGsP+1gmfB/TqMVpeuFgSSuYNTydLlYWluZi3gAQ +jy829mf8WBF/57BQLEdMq/+HrfCsHHsc4IG+ZFpzocd77ZE5yBxScTAKQISCiMC HtEfJdL0WME2msi1Yfz/KQVE2fEiKJddUlFLiUwRsdE6+NuSfAS7tAYYV5f3gIAt p/zpdRnHpElAV9tVk0t68GUV0xiPut3HSnqH0agON7gEGLtB9r3WJfEl6pQLppxh 889VG4vHF0Z6FmfcWpz2rno9i6iYbPL/t3XpwEPp1/CNxH9vGjLsKtQpbPJW+J33 TYrMihUPE8iQR5hrO/InPO/8VoaVaKRw6CA/q7vUJYf8X9++txS9XcBKtvgrByfs Rn1C9smOccKkxn02AnDhVaJWRzWJGN02NvImY05QUMvNoQQNZ/Q= =yNcQ -----END PGP SIGNATURE----- --Signature=_Fri__3_Jun_2022_09_25_46_+0300_c5_PnJTeepbh6_qA--