From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <asheplyakov@basealt.ru>
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
 sa.local.altlinux.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.3 required=5.0 tests=ALL_TRUSTED,BAYES_00,
 RP_MATCHES_RCVD autolearn=unavailable autolearn_force=no version=3.4.1
Date: Mon, 6 Jun 2022 16:10:39 +0400
From: Alexey Sheplyakov <asheplyakov@basealt.ru>
To: ALT Linux kernel packages development <devel-kernel@lists.altlinux.org>
Message-ID: <Yp3uvxtVTz311AtU@asheplyakov-rocket>
References: <20220602003100.524482-1-vt@altlinux.org>
 <YpjTyDetPLPNJCmf@asheplyakov-rocket>
 <20220602163914.GB11775@altlinux.org>
 <YpxfNbs1bVTn/5dV@asheplyakov-vostro-3500>
 <Ypyp+KyhF0kcXMqd@portlab> <Yp3G6BNycsU28o7T@asheplyakov-rocket>
 <20220606133104.bbe440d29617fc9f7f8778ad@altlinux.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20220606133104.bbe440d29617fc9f7f8778ad@altlinux.org>
Subject: Re: [d-kernel] [PATCH] UBUNTU: SAUCE: security,
 perf: Allow further restriction of perf_event_open
X-BeenThere: devel-kernel@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ALT Linux kernel packages development
 <devel-kernel@lists.altlinux.org>
List-Id: ALT Linux kernel packages development
 <devel-kernel.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/devel-kernel>,
 <mailto:devel-kernel-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/devel-kernel>
List-Post: <mailto:devel-kernel@lists.altlinux.org>
List-Help: <mailto:devel-kernel-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/devel-kernel>,
 <mailto:devel-kernel-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Jun 2022 12:10:48 -0000
Archived-At: <http://lore.altlinux.org/devel-kernel/Yp3uvxtVTz311AtU@asheplyakov-rocket/>
List-Archive: <http://lore.altlinux.org/devel-kernel/>
List-Post: <mailto:devel-kernel@altlinux.org>

On Mon, Jun 06, 2022 at 01:31:04PM +0300, Andrey Savchenko wrote:
> On Mon, 6 Jun 2022 13:20:40 +0400 Alexey Sheplyakov wrote:
> > Hi,
> > 
> > On Sun, Jun 05, 2022 at 04:04:56PM +0300, Vladimir D. Seleznev wrote:
> > > > People who actually need security 
> > > > 
> > > > 1) don't use out-of-order CPUs (to avoid Meltdown, Spectre, etc)
> > > > 2) don't use Linux (so the kernel can be actually audited)
> > > > 3) don't exist
> > > 
> > > I don't get the point of these. If we don't need security why should we
> > > bother with user/group processes/filesystems separation and permissions,
> > > chrooting, etc. We have a superuser, lets everything run with it!
> > 
> > 1. In a way we already do (on desktop systems). All applications run with
> >    the same uid and have the same permissions. Nothing prevents firefox
> >    from sending my private GPG key to $BIG_BROTHER, or removing all files
> >    (in $HOME), etc.
> 
> Just use firejail.

You mean this one

https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt ?

No, thanks.