lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 2 Oct 2018 14:44:04 +0300
From:   Alexey Budankov <alexey.budankov@...ux.intel.com>
To:     Thomas Gleixner <tglx@...utronix.de>
Cc:     Jann Horn <jannh@...gle.com>, Mark Rutland <mark.rutland@....com>,
        Peter Zijlstra <peterz@...radead.org>,
        Kees Cook <keescook@...omium.org>,
        Andi Kleen <ak@...ux.intel.com>, tursulin@...ulin.net,
        kernel list <linux-kernel@...r.kernel.org>,
        tvrtko.ursulin@...ux.intel.com,
        the arch/x86 maintainers <x86@...nel.org>,
        "H . Peter Anvin" <hpa@...or.com>, acme@...nel.org,
        alexander.shishkin@...ux.intel.com, jolsa@...hat.com,
        namhyung@...nel.org, maddy@...ux.vnet.ibm.com
Subject: Re: [RFC 0/5] perf: Per PMU access controls (paranoid setting)


Hello,

On 02.10.2018 9:40, Thomas Gleixner wrote:

<SNIP>

> 
> Not only the user group, it really should do the full security checks which
> are done on open().

I expect it is already implemented by some internal kernel API so that 
it could be reused.

> 
>>    b) then traditional checks against perf_event_pranoid content are applied;
> 
> Hmm, not sure about that because that might be conflicting.

Well, possible contradictions could be converged to some reasonable point 
during technical review stage.

Current perf_event_paranoid semantics is still required for PMUs 
that are governed by global setting at /proc/sys/kernel/perf_event_paranoid.

<SNIP>

>> 4. Documentation/admin-guide/perf-security.rst file is introduced that:
> 
>      0) Better documentation of /proc/sys/kernel/perf_even_paranoid

Exactly. perf_event_open man7 [1] requires update as well, however 
this is not a part of kernel source tree so these docs changes are 
to be mailed TO: mtk.manpages@...il.com and CC: linux-api@...r.kernel.org.

Thanks,
Alexey

[1] http://man7.org/linux/man-pages/man2/perf_event_open.2.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ