| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 Jun 2016 08:54:27 +0200 From: Peter Zijlstra <peterz@...radead.org> To: Kees Cook <keescook@...omium.org> Cc: Ingo Molnar <mingo@...hat.com>, Arnaldo Carvalho de Melo <acme@...nel.org>, Alexander Shishkin <alexander.shishkin@...ux.intel.com>, "linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>, "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, LKML <linux-kernel@...r.kernel.org> Subject: Re: [kernel-hardening] [PATCH 2/2] security,perf: Allow further restriction of perf_event_open On Thu, Jun 16, 2016 at 03:27:55PM -0700, Kees Cook wrote: > Hi guys, > > This patch wasn't originally CCed to you (I'm fixing that now). Would > you consider taking this into the perf tree? No. > It's been in active use > in both Debian and Android for a while now. Very nice of you all to finally inform us I suppose :/ > >>> When kernel.perf_event_open is set to 3 (or greater), disallow all > >>> access to performance events by users without CAP_SYS_ADMIN. > >>> Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that > >>> makes this value the default. > >>> > >>> This is based on a similar feature in grsecurity > >>> (CONFIG_GRKERNSEC_PERF_HARDEN). This version doesn't include making > >>> the variable read-only. It also allows enabling further restriction > >>> at run-time regardless of whether the default is changed. This Changelog is completely devoid of information. _WHY_ are you doing this? Also, hate the CONFIG.
Powered by blists - more mailing lists