Date: Mon, 6 Jun 2022 15:59:41 +0300
From: "Vladimir D. Seleznev"
To: ALT Linux kernel packages development
References: <20220602003100.524482-1-vt@altlinux.org> <20220602163914.GB11775@altlinux.org>
Subject: Re: [d-kernel] [PATCH] UBUNTU: SAUCE: security, perf: Allow further restriction of perf_event_open

On Mon, Jun 06, 2022 at 03:54:00PM +0300, Vladimir D. Seleznev wrote:
> On Mon, Jun 06, 2022 at 01:20:40PM +0400, Alexey Sheplyakov wrote:
> > Hi,
> >
> > On Sun, Jun 05, 2022 at 04:04:56PM +0300, Vladimir D. Seleznev wrote:
> > > > People who actually need security
> > > >
> > > > 1) don't use out-of-order CPUs (to avoid Meltdown, Spectre, etc)
> > > > 2) don't use Linux (so the kernel can be actually audited)
> > > > 3) don't exist
> > >
> > > I don't get the point of these. If we don't need security why should we
> > > bother with user/group processes/filesystems separation and permissions,
> > > chrooting, etc. We have a superuser, let's everything run with it!
> >
> > 1. In a way we already do (on desktop systems). All applications run with
> >    the same uid and have the same permissions. Nothing prevents firefox
> >    from sending my private GPG key to $BIG_BROTHER, or removing all files
> >    (in $HOME), etc.
>
> I run firefox instances and every semi-trusted applications with
> different uids, so none of them can still my GPG or any other secrets or
                                      ^ steal /* fixed */
> corrupt my $HOME (until really bad things happen):

-- 
WBR,
Vladimir D. Seleznev