lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 1 Jul 2022 10:55:30 +0200
From:   Peter Zijlstra <peterz@...radead.org>
To:     Ian Rogers <irogers@...gle.com>
Cc:     Ingo Molnar <mingo@...hat.com>,
        Arnaldo Carvalho de Melo <acme@...nel.org>,
        Mark Rutland <mark.rutland@....com>,
        Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
        Jiri Olsa <jolsa@...nel.org>,
        Namhyung Kim <namhyung@...nel.org>,
        Thomas Richter <tmricht@...ux.ibm.com>,
        Claire Jensen <cjense@...gle.com>,
        linux-perf-users@...r.kernel.org, linux-kernel@...r.kernel.org,
        Stephane Eranian <eranian@...gle.com>, ben@...adent.org.uk
Subject: Re: [PATCH] perf test: Skip for paranoid 3

On Thu, Jun 30, 2022 at 01:59:54PM -0700, Ian Rogers wrote:
> On Thu, Jun 30, 2022 at 2:11 AM Peter Zijlstra <peterz@...radead.org> wrote:
> >
> > On Tue, Jun 28, 2022 at 08:40:07PM -0700, Ian Rogers wrote:
> > > Add skip tests for paranoid level being 3.
> > > Rather than skipping lines starting "Failed", skip lines containing
> > > "failed" - making the behavior consistent with the previous python
> > > version.
> >
> > paranoid 3 is an out of tree patch.
> 
> Thanks, what is the right way to resolve this? My desktop appears to
> be carrying the patch and I'd like the tests to be as green as
> possible.

Then you desktop is probably running a Debian or derivative distro
kernel. You can run your own kernel, or ask the Debian team to ditch
their hack and use the LSM hooks to further limit perf usage if they
feel this is required.

The big advantage of the LSM hooks is that they can explicitly
white-list the perf binary while dis-allowing random users access to the
syscall. That way perf will still work but the possible exploit
potential is much reduced.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ