From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on sa.local.altlinux.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=unavailable autolearn_force=no version=3.4.1 Date: Mon, 6 Jun 2022 13:31:04 +0300 From: Andrey Savchenko To: ALT Linux kernel packages development Message-Id: <20220606133104.bbe440d29617fc9f7f8778ad@altlinux.org> In-Reply-To: References: <20220602003100.524482-1-vt@altlinux.org> <20220602163914.GB11775@altlinux.org> X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; x86_64-alt-linux-gnu) Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="PGP-SHA512"; boundary="Signature=_Mon__6_Jun_2022_13_31_04_+0300_o6qiGiGbjrPkuiWP" Subject: Re: [d-kernel] [PATCH] UBUNTU: SAUCE: security, perf: Allow further restriction of perf_event_open X-BeenThere: devel-kernel@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: ALT Linux kernel packages development List-Id: ALT Linux kernel packages development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Jun 2022 10:31:11 -0000 Archived-At: List-Archive: List-Post: --Signature=_Mon__6_Jun_2022_13_31_04_+0300_o6qiGiGbjrPkuiWP Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, 6 Jun 2022 13:20:40 +0400 Alexey Sheplyakov wrote: > Hi, >=20 > On Sun, Jun 05, 2022 at 04:04:56PM +0300, Vladimir D. Seleznev wrote: > > > People who actually need security=20 > > >=20 > > > 1) don't use out-of-order CPUs (to avoid Meltdown, Spectre, etc) > > > 2) don't use Linux (so the kernel can be actually audited) > > > 3) don't exist > >=20 > > I don't get the point of these. If we don't need security why should we > > bother with user/group processes/filesystems separation and permissions, > > chrooting, etc. We have a superuser, lets everything run with it! >=20 > 1. In a way we already do (on desktop systems). All applications run with > the same uid and have the same permissions. Nothing prevents firefox > from sending my private GPG key to $BIG_BROTHER, or removing all files > (in $HOME), etc. Just use firejail. =20 Best regards, Andrew Savchenko --Signature=_Mon__6_Jun_2022_13_31_04_+0300_o6qiGiGbjrPkuiWP Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE63ZIHsdeM+1XgNer9lNaM7oe5I0FAmKd12gACgkQ9lNaM7oe 5I3BgxAAqNFeOu7PJmm9SvDsOBDPeijIh2Pb/BZ+apcMd/NhXDfFB/G8zC8Xj9e1 Pw7a2v3q2whzt7WfvZL84tcrNnXoPc/xBjvHCs5KacG6VXxOAB/LmssQNoma1p2P XWBzWwyXJbPglHQ1gHZ4GwucOj0eyf1StygP9KFwWegHhYOfZs/jVgQl1KaL8Ynz 4ezzi+UgNExwh6YD1m72Mm0AMwburqi775RSHIrM3ogQPKwYwH2wuABtN6wRf26y iAsAXZv0Eb5xsL0cKft6V7MOHFgR/sR6Rmk03DEN3d9iY4R5k+efp36TwL5o3dM3 QE7//r57Vdw1q+KksDnlU/re60KBoxMiR6hLppw5klJZRP3wdZX0tRzzuGUx6gc6 xrjFvDKL/YzOtd8FdFT0EJoPb14qoXgDmasYZ/bNNTzeOohwRrXqoW2VujsJn+gn XiGsB4qZwPRiNSXbIrxZ/Ue5Hg+d2ZsIr9SZPiZhfujJVEPuYY+AQuu3vZnKMfsg 5l60ZgL8H85LE6RvkByc/GNm+PI8PHH9oChbqs02mkZ2CFek1ZAXSZ/4YYIgJRpG kKhWjaS6/zxF40RIm3oQ01UnbKhRIaaEWJ6AODo9E4yU3yXEtHxgK/POiOza4ueq /bn+Mw5jR8nEg7CQhqsxGeLZ6kkeIK9Ud0racsUyisYjmMmyM7g= =J3xj -----END PGP SIGNATURE----- --Signature=_Mon__6_Jun_2022_13_31_04_+0300_o6qiGiGbjrPkuiWP--