| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190812200134.GE9280@kernel.org>
Date: Mon, 12 Aug 2019 17:01:34 -0300
From: Arnaldo Carvalho de Melo <arnaldo.melo@...il.com>
To: Igor Lubashev <ilubashe@...mai.com>
Cc: linux-kernel@...r.kernel.org, Jiri Olsa <jolsa@...hat.com>,
Alexey Budankov <alexey.budankov@...ux.intel.com>,
Peter Zijlstra <peterz@...radead.org>,
Ingo Molnar <mingo@...hat.com>,
Mathieu Poirier <mathieu.poirier@...aro.org>,
Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
Namhyung Kim <namhyung@...nel.org>,
Suzuki K Poulose <suzuki.poulose@....com>,
linux-arm-kernel@...ts.infradead.org,
James Morris <jmorris@...ei.org>
Subject: Re: [PATCH v3 2/4] perf: Use CAP_SYS_ADMIN with perf_event_paranoid
checks
Em Wed, Aug 07, 2019 at 10:44:15AM -0400, Igor Lubashev escreveu:
> +++ b/tools/perf/util/evsel.c
> @@ -279,7 +279,7 @@ struct evsel *perf_evsel__new_idx(struct perf_event_attr *attr, int idx)
> static bool perf_event_can_profile_kernel(void)
> {
> - return geteuid() == 0 || perf_event_paranoid() == -1;
> + return perf_event_paranoid_check(-1);
> }
While looking at your changes I think the pre-existing code is wrong,
i.e. the check in sys_perf_event_open(), in the kernel is:
if (!attr.exclude_kernel) {
if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
return -EACCES;
}
And:
static inline bool perf_paranoid_kernel(void)
{
return sysctl_perf_event_paranoid > 1;
}
So we have to change that perf_event_paranoit_check(-1) to pass 1
instead?
bool perf_event_paranoid_check(int max_level)
{
return perf_cap__capable(CAP_SYS_ADMIN) ||
perf_event_paranoid() <= max_level;
}
Also you defined perf_cap__capable(anything) as:
#ifdef HAVE_LIBCAP_SUPPORT
#include <sys/capability.h>
bool perf_cap__capable(cap_value_t cap);
#else
static inline bool perf_cap__capable(int cap __maybe_unused)
{
return false;
}
#endif /* HAVE_LIBCAP_SUPPORT */
I think we should have:
#else
static inline bool perf_cap__capable(int cap __maybe_unused)
{
return geteuid() == 0;
}
#endif /* HAVE_LIBCAP_SUPPORT */
Right?
So I am removing the introduction of perf_cap__capable() from the first
patch you sent, leaving it with _only_ the feature detection part, using
that feature detection to do anything is then moved to a separate patch,
after we finish this discussion about what we should fallback to when
libcap-devel isn't available, i.e. we should use the previous checks,
etc.
- Arnaldo
Powered by blists - more mailing lists