Date: Sun, 5 Jun 2022 16:04:56 +0300
From: "Vladimir D. Seleznev"
To: ALT Linux kernel packages development
Subject: Re: [d-kernel] [PATCH] UBUNTU: SAUCE: security, perf: Allow further restriction of perf_event_open
References: <20220602003100.524482-1-vt@altlinux.org> <20220602163914.GB11775@altlinux.org>

On Sun, Jun 05, 2022 at 11:48:06AM +0400, Alexey Sheplyakov wrote:
> Hello,
>
> On Thu, Jun 02, 2022 at 07:39:14PM +0300, Dmitry V. Levin wrote:
> > > No, thanks. Profiling on Linux is already more difficult than it should be.
> > > Making things even more complicated is not appreciated at all.
> >
> > Since the kernel we are talking about is a universal kernel, it has to
> > suit the needs of both those who care about basic security and those who do
> > profiling.
>
> [...]
>
> People who actually need security
>
> 1) don't use out-of-order CPUs (to avoid Meltdown, Spectre, etc)
> 2) don't use Linux (so the kernel can be actually audited)
> 3) don't exist

I don't get the point of these. If we don't need security, why should we bother with user/group process/filesystem separation and permissions, chrooting, etc.? We have a superuser, let's run everything with it!

1) There are some tricks that significantly reduce the impact of Spectre-like vulnerabilities, like disabling HT, separating processes of different trust levels onto different CPU cores, KPTI, etc.

2) The kernel is constantly reviewed; sure, it is not an audit, but some parts are well reviewed, especially the general parts. The most vulnerable parts are in new features (for some we do not even realize the entire possible impact), complex protocols like USB, WiFi, etc., and the modules in general. I think it is worth reducing the attack surface. There were known vulnerabilities in the perf kernel subsystem that allowed privilege escalation, and profiling is not a common task. I don't see why switching the knob is a big problem.

-- 
WBR,
Vladimir D. Seleznev
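The knob discussed in this thread is the kernel.perf_event_paranoid sysctl; the patch in the subject adds level 3, which denies perf_event_open to unprivileged users entirely. The following added shell snippet (not from the thread or the ALT kernel package) reports what the current level allows and prints the sysctl.d line that applies the restricted setting; it assumes the level semantics of a kernel carrying that patch, and the file path and function names are its own.

```shell
#!/bin/sh
# Added example: inspect kernel.perf_event_paranoid and report what an
# unprivileged user may do with perf_event_open at that level.
# Levels -1..2 are mainline; level 3 exists only on kernels with the
# "Allow further restriction of perf_event_open" patch (assumption).

PARANOID_FILE=/proc/sys/kernel/perf_event_paranoid

# classify_perf_paranoid VALUE -> one-line description of the level
classify_perf_paranoid() {
    case "$1" in
        -1) echo "unrestricted: all events for all users, mlock limit ignored" ;;
        0)  echo "no raw/ftrace tracepoints for unprivileged users" ;;
        1)  echo "no system-wide (per-CPU) events for unprivileged users" ;;
        2)  echo "no kernel profiling for unprivileged users (mainline default)" ;;
        3|[4-9]|[1-9][0-9]*) echo "perf_event_open denied to unprivileged users (patched kernels only)" ;;
        *)  echo "unknown value: $1"; return 1 ;;
    esac
}

# unprivileged_perf_allowed VALUE -> exit 0 if an unprivileged
# perf_event_open can still succeed at this level, 1 otherwise
unprivileged_perf_allowed() {
    [ "$1" -lt 3 ] 2>/dev/null
}

# current_perf_paranoid [FALLBACK] -> value from /proc, or FALLBACK
# (default 2, the mainline default) when the file is not readable
current_perf_paranoid() {
    if [ -r "$PARANOID_FILE" ]; then cat "$PARANOID_FILE"; else echo "${1:-2}"; fi
}

# report_perf_paranoid VALUE -> human-readable report plus the drop-in
# line that switches the knob to the restricted level
report_perf_paranoid() {
    printf 'perf_event_paranoid=%s: %s\n' "$1" "$(classify_perf_paranoid "$1")"
    if unprivileged_perf_allowed "$1"; then
        echo "to restrict, add to /etc/sysctl.d/99-perf-paranoid.conf:"
        echo "kernel.perf_event_paranoid = 3"
    fi
}

if [ "${1:-}" = "--report" ]; then
    report_perf_paranoid "$(current_perf_paranoid)"
fi
```

Run it with `--report` on the host being checked; the functions can also be sourced into other audit scripts.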