ALT Linux kernel packages development
 help / color / mirror / Atom feed
From: "Vladimir D. Seleznev" <vseleznv@altlinux.org>
To: ALT Linux kernel packages development <devel-kernel@lists.altlinux.org>
Subject: Re: [d-kernel] [PATCH] UBUNTU: SAUCE: security, perf: Allow further restriction of perf_event_open
Date: Sun, 5 Jun 2022 16:04:56 +0300
Message-ID: <Ypyp+KyhF0kcXMqd@portlab> (raw)
In-Reply-To: <YpxfNbs1bVTn/5dV@asheplyakov-vostro-3500>

On Sun, Jun 05, 2022 at 11:48:06AM +0400, Alexey Sheplyakov wrote:
> Hello,
> 
> On Thu, Jun 02, 2022 at 07:39:14PM +0300, Dmitry V. Levin wrote:
> > > No, thanks. Profiling on Linux is already more diffucult than it should be
> > > Making things even more complicated is not appreciated at all.
> > 
> > Since the kernel we are talking about is an universal kernel, it has to
> > suit needs of both those who care about basic security and those who do
> > profiling.
> 
> [...]
> 
> People who actually need security 
> 
> 1) don't use out-of-order CPUs (to avoid Meltdown, Spectre, etc)
> 2) don't use Linux (so the kernel can be actually audited)
> 3) don't exist

I don't get the point of these. If we don't need security why should we
bother with user/group processes/filesystems separation and permissions,
chrooting, etc. We have a superuser, lets everything run with it!

1) There are some tricks to significantly reducing impact of
Spectre-like vulnerabilities, like disabling HT, separate processes to
run on different trust-level CPU core, KPTI, etc.
2) The kernel constantly reviewed, sure it is not an audit but some part
are well reviewed,  especially in general parts. The most vulnerable
parts are in the new features (in some we even do not realize the entire
possible impact), complex protocols like USB, WiFi, etc, the modules in
general.

I think it is worth reducing the attack surface. There were known
vulnerabilities in the perf kernel subsystem that allowed to escalate
privileges, and profiling is not a common task. I don't see why
switching the knob is a big problem.

-- 
   WBR,
   Vladimir D. Seleznev


  parent reply	other threads:[~2022-06-05 13:04 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-06-02  0:31 Vitaly Chikunov
2022-06-02  7:14 ` Dmitry V. Levin
2022-06-02 12:40   ` Vitaly Chikunov
2022-06-02 13:29     ` Vitaly Chikunov
2022-06-02 15:58     ` Andrey Savchenko
2022-06-02 17:06       ` Vitaly Chikunov
2022-06-02 18:26       ` Vladimir D. Seleznev
2022-06-02 18:42         ` Andrey Savchenko
2022-06-02 18:56           ` Dmitry V. Levin
2022-06-03  6:27             ` Andrey Savchenko
2022-06-02 19:08           ` Vladimir D. Seleznev
2022-06-03  6:16             ` Andrey Savchenko
2022-06-03 12:41               ` Vladimir D. Seleznev
2022-06-03 12:54                 ` Andrey Savchenko
2022-06-02 15:15 ` Alexey Sheplyakov
2022-06-02 16:39   ` Dmitry V. Levin
2022-06-03  6:25     ` Andrey Savchenko
2022-06-03 15:07       ` Vitaly Chikunov
2022-06-05  7:48     ` Alexey Sheplyakov
2022-06-05  7:59       ` Dmitry V. Levin
2022-06-06 14:31         ` Alexey Sheplyakov
2022-06-05 13:04       ` Vladimir D. Seleznev [this message]
2022-06-06  9:20         ` Alexey Sheplyakov
2022-06-06 10:31           ` Andrey Savchenko
2022-06-06 12:10             ` Alexey Sheplyakov
2022-06-06 12:53           ` Vladimir D. Seleznev
2022-06-06 12:59             ` Vladimir D. Seleznev
2022-06-08 14:27             ` [d-kernel] right to profile (Re: [PATCH] UBUNTU: SAUCE: security, perf: Allow further restriction of perf_event_open) Alexey Sheplyakov
2022-06-15 11:19               ` [d-kernel] [JT] Re: right to profile Michael Shigorin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Ypyp+KyhF0kcXMqd@portlab \
    --to=vseleznv@altlinux.org \
    --cc=devel-kernel@lists.altlinux.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

ALT Linux kernel packages development

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://lore.altlinux.org/devel-kernel/0 devel-kernel/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 devel-kernel devel-kernel/ http://lore.altlinux.org/devel-kernel \
		devel-kernel@altlinux.org devel-kernel@altlinux.ru devel-kernel@altlinux.com
	public-inbox-index devel-kernel

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://lore.altlinux.org/org.altlinux.lists.devel-kernel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git