| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 13 Apr 2020 13:51:49 -0300
From: Arnaldo Carvalho de Melo <acme@...nel.org>
To: Ingo Molnar <mingo@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>
Cc: Jiri Olsa <jolsa@...nel.org>, Namhyung Kim <namhyung@...nel.org>,
Clark Williams <williams@...hat.com>,
linux-kernel@...r.kernel.org, linux-perf-users@...r.kernel.org,
Alexey Budankov <alexey.budankov@...ux.intel.com>,
James Morris <jamorris@...ux.microsoft.com>,
Helge Deller <deller@....de>,
Alexei Starovoitov <ast@...nel.org>,
Andi Kleen <ak@...ux.intel.com>,
Igor Lubashev <ilubashe@...mai.com>,
Jiri Olsa <jolsa@...hat.com>,
Peter Zijlstra <peterz@...radead.org>,
Serge Hallyn <serge@...lyn.com>,
Song Liu <songliubraving@...com>,
Stephane Eranian <eranian@...gle.com>,
intel-gfx@...ts.freedesktop.org, linux-doc@...r.kernel.org,
linux-man@...r.kernel.org, linux-security-module@...r.kernel.org,
selinux@...r.kernel.org, Arnaldo Carvalho de Melo <acme@...hat.com>
Subject: [PATCH 12/26] parisc/perf: open access for CAP_PERFMON privileged process
From: Alexey Budankov <alexey.budankov@...ux.intel.com>
Open access to monitoring for CAP_PERFMON privileged process. Providing
the access under CAP_PERFMON capability singly, without the rest of
CAP_SYS_ADMIN credentials, excludes chances to misuse the credentials
and makes operation more secure.
CAP_PERFMON implements the principle of least privilege for performance
monitoring and observability operations (POSIX IEEE 1003.1e 2.2.2.39
principle of least privilege: A security design principle that states
that a process or program be granted only those privileges (e.g.,
capabilities) necessary to accomplish its legitimate function, and only
for the time that such privileges are actually required)
For backward compatibility reasons access to the monitoring remains open
for CAP_SYS_ADMIN privileged processes but CAP_SYS_ADMIN usage for
secure monitoring is discouraged with respect to CAP_PERFMON capability.
Signed-off-by: Alexey Budankov <alexey.budankov@...ux.intel.com>
Reviewed-by: James Morris <jamorris@...ux.microsoft.com>
Acked-by: Helge Deller <deller@....de>
Cc: Alexei Starovoitov <ast@...nel.org>
Cc: Andi Kleen <ak@...ux.intel.com>
Cc: Igor Lubashev <ilubashe@...mai.com>
Cc: Jiri Olsa <jolsa@...hat.com>
Cc: Namhyung Kim <namhyung@...nel.org>
Cc: Peter Zijlstra <peterz@...radead.org>
Cc: Serge Hallyn <serge@...lyn.com>
Cc: Song Liu <songliubraving@...com>
Cc: Stephane Eranian <eranian@...gle.com>
Cc: Thomas Gleixner <tglx@...utronix.de>
Cc: intel-gfx@...ts.freedesktop.org
Cc: linux-doc@...r.kernel.org
Cc: linux-man@...r.kernel.org
Cc: linux-security-module@...r.kernel.org
Cc: selinux@...r.kernel.org
Link: http://lore.kernel.org/lkml/8cc98809-d35b-de0f-de02-4cf554f3cf62@linux.intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@...hat.com>
---
arch/parisc/kernel/perf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/parisc/kernel/perf.c b/arch/parisc/kernel/perf.c
index e1a8fee3ad49..d46b6709ec56 100644
--- a/arch/parisc/kernel/perf.c
+++ b/arch/parisc/kernel/perf.c
@@ -300,7 +300,7 @@ static ssize_t perf_write(struct file *file, const char __user *buf,
else
return -EFAULT;
- if (!capable(CAP_SYS_ADMIN))
+ if (!perfmon_capable())
return -EACCES;
if (count != sizeof(uint32_t))
--
2.21.1
Powered by blists - more mailing lists