Date: Mon, 26 Nov 2018 11:57:21 +0300 From: Alexey Budankov <alexey.budankov@...ux.intel.com> To: Jonathan Corbet <corbet@....net> Cc: Thomas Gleixner <tglx@...utronix.de>, Kees Cook <keescook@...omium.org>, Jann Horn <jannh@...gle.com>, Ingo Molnar <mingo@...hat.com>, Peter Zijlstra <peterz@...radead.org>, Arnaldo Carvalho de Melo <acme@...nel.org>, Andi Kleen <ak@...ux.intel.com>, Alexander Shishkin <alexander.shishkin@...ux.intel.com>, Jiri Olsa <jolsa@...hat.com>, Namhyung Kim <namhyung@...nel.org>, Mark Rutland <mark.rutland@....com>, Tvrtko Ursulin <tursulin@...ulin.net>, linux-kernel <linux-kernel@...r.kernel.org>, "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, "linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org> Subject: Re: [PATCH v2 1/2] Documentation/admin-guide: introduce perf-security.rst file Hello Jon, On 25.11.2018 22:47, Jonathan Corbet wrote: > On Wed, 21 Nov 2018 12:14:14 +0300 > Alexey Budankov <alexey.budankov@...ux.intel.com> wrote: > >> +For the purpose of performing security checks Linux implementation splits >> +processes into two categories _ : a) privileged processes (whose effective >> +user ID is 0, referred to as superuser or root), and b) unprivileged processes >> +(whose effective UID is nonzero). > > Is that really what's going on here? If I understand things correctly, > it's looking for CAP_SYS_PTRACE rather than a specific UID; am I missing > something here? You are right regarding CAP_SYS_PTRACE but this capability is not the only one which is used by perf_events for security checks, so the capabilities clarification is kept aside of these patches, because patches initial intention is to clarify security specifics of sysctl_perf_even_paranoid settings. I agree that the document can be extended with details clarifying capabilities used by perf_events for security checks. > > (Also, you would want "*the* Linux implementation" in the first sentence > above). Accepted. > > One other thing: > >> +(whose effective UID is nonzero). Privileged processes bypass all kernel >> +security permission checks so perf_events performance monitoring is fully >> +available to privileged processes without *access*, *scope* and *resource* >> +restrictions. > > Could I ask for a slight toning down of the markup here? There's a lot of > *emphasis* here that isn't really needed and tends to get in the way. Accepted. Thanks, Alexey > > Thanks, > > jon >
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.