kernel-hardening - Re: Re: [PATCH 1/2] security, perf: allow further restriction of perf_event

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Wed, 03 Aug 2016 08:53:21 -0400
From: Daniel Micay <danielmicay@...il.com>
To: kernel-hardening@...ts.openwall.com, Kees Cook <keescook@...omium.org>
Cc: Peter Zijlstra <peterz@...radead.org>, Jeff Vander Stoep
 <jeffv@...gle.com>,  Ingo Molnar <mingo@...hat.com>, Arnaldo Carvalho de
 Melo <acme@...nel.org>, Alexander Shishkin
 <alexander.shishkin@...ux.intel.com>, "linux-doc@...r.kernel.org"
 <linux-doc@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>, Jonathan
 Corbet <corbet@....net>, "Eric W. Biederman" <ebiederm@...ssion.com>
Subject: Re: Re: [PATCH 1/2] security, perf: allow
 further restriction of perf_event_open

Having this in Yama would also make it probable that there would be a
security-centric default. It would end up wiping out unprivileged perf
events access on distributions using Yama for ptrace_scope unless they
make the explicit decision to disable it. Having the perf subsystem
extend the existing perf_event_paranoid sysctl leaves the control over
the upstream default in the hands of the perf subsystem, not LSMs.
Download attachment "signature.asc" of type "application/pgp-signature" (852 bytes)

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.