Message-ID: <357ED2BF-5CA6-454B-B433-BC6F6542D105@fb.com>
Date:	Wed, 15 Jan 2014 16:41:49 +0000
From:	Gaurav Jain <gjain@...com>
To:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
CC:	Pekka Enberg <penberg@....fi>, Ingo Molnar <mingo@...nel.org>,
	"acme@...hat.com" <acme@...hat.com>
Subject: Perf map file ownership check

981c125 introduced a permission check on perf map files such that perf only loads the map file if it has ownership. Pekka mentioned that this prevents the perf tool from injecting arbitrary symbols from a potentially malicious source.

In our workload, the code generating the map file is running as a non-root user. However, the perf tool is run as root. As a result, the ownership check fails and the map file is not loaded.

This raises 2 questions:
1. Is the ownership check necessary? What are the security implications of using symbols from an arbitrary source? I thought these are simply displayed by the perf tool.
2. Is there a way to avoid the check? Possibly with a -f flag.

Thanks,

Gaurav
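
The ownership check discussed in the message above, as an added illustration that is neither perf's code nor part of the original message. It shows how a strict "owner must equal the effective uid" test rejects a file written by a non-root process when the reader runs as root. The helper name `map_file_owned_by`, the default path `example.map`, and the choice to check with `fstat()` on an already opened descriptor are assumptions of this sketch.

```c
#define _POSIX_C_SOURCE 200809L

#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Hypothetical helper (not perf's function). Returns 1 if `path` is a
 * regular file owned by `uid`, 0 if it is owned by another user, and -1
 * if it cannot be checked safely (missing, a symlink, not a regular file).
 */
int map_file_owned_by(const char *path, uid_t uid)
{
    struct stat st;
    int fd, ret;

    /* O_NOFOLLOW refuses a symlink at the path; O_NONBLOCK avoids hanging on a FIFO. */
    fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* fstat() the descriptor so the file that was checked is the file that is read. */
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode))
        ret = -1;
    else
        ret = (st.st_uid == uid);
    close(fd);
    return ret;
}

int main(int argc, char **argv)
{
    /* Constructed default path; pass the map file to check as argv[1]. */
    const char *path = argc > 1 ? argv[1] : "example.map";
    int r = map_file_owned_by(path, geteuid());

    printf("%s: %s\n", path,
           r == 1 ? "owned by the effective uid, accepted"
           : r == 0 ? "owned by another uid, ignored"
                    : "cannot be checked safely");
    return r == 1 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

Run as root against a file created by an unprivileged process, the helper returns 0, which is the situation the message describes.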