Date: Sun, 25 Nov 2018 12:47:32 -0700 From: Jonathan Corbet <corbet@....net> To: Alexey Budankov <alexey.budankov@...ux.intel.com> Cc: Thomas Gleixner <tglx@...utronix.de>, Kees Cook <keescook@...omium.org>, Jann Horn <jannh@...gle.com>, Ingo Molnar <mingo@...hat.com>, Peter Zijlstra <peterz@...radead.org>, Arnaldo Carvalho de Melo <acme@...nel.org>, Andi Kleen <ak@...ux.intel.com>, Alexander Shishkin <alexander.shishkin@...ux.intel.com>, Jiri Olsa <jolsa@...hat.com>, Namhyung Kim <namhyung@...nel.org>, Mark Rutland <mark.rutland@....com>, Tvrtko Ursulin <tursulin@...ulin.net>, linux-kernel <linux-kernel@...r.kernel.org>, "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, "linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org> Subject: Re: [PATCH v2 1/2] Documentation/admin-guide: introduce perf-security.rst file On Wed, 21 Nov 2018 12:14:14 +0300 Alexey Budankov <alexey.budankov@...ux.intel.com> wrote: > +For the purpose of performing security checks Linux implementation splits > +processes into two categories _ : a) privileged processes (whose effective > +user ID is 0, referred to as superuser or root), and b) unprivileged processes > +(whose effective UID is nonzero). Is that really what's going on here? If I understand things correctly, it's looking for CAP_SYS_PTRACE rather than a specific UID; am I missing something here? (Also, you would want "*the* Linux implementation" in the first sentence above). One other thing: > +(whose effective UID is nonzero). Privileged processes bypass all kernel > +security permission checks so perf_events performance monitoring is fully > +available to privileged processes without *access*, *scope* and *resource* > +restrictions. Could I ask for a slight toning down of the markup here? There's a lot of *emphasis* here that isn't really needed and tends to get in the way. Thanks, jon
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.