[d-kernel] [PATCH] UBUNTU: SAUCE: security, perf: Allow further restriction of perf_event_open

Vladimir D. Seleznev vseleznv at altlinux.org
Sun Jun 5 16:04:56 MSK 2022


On Sun, Jun 05, 2022 at 11:48:06AM +0400, Alexey Sheplyakov wrote:
> Hello,
> 
> On Thu, Jun 02, 2022 at 07:39:14PM +0300, Dmitry V. Levin wrote:
> > > No, thanks. Profiling on Linux is already more difficult than it should be.
> > > Making things even more complicated is not appreciated at all.
> > 
> > Since the kernel we are talking about is a universal kernel, it has to
> > suit needs of both those who care about basic security and those who do
> > profiling.
> 
> [...]
> 
> People who actually need security 
> 
> 1) don't use out-of-order CPUs (to avoid Meltdown, Spectre, etc)
> 2) don't use Linux (so the kernel can be actually audited)
> 3) don't exist

I don't get the point of these. If we don't need security, why should we
bother with user/group processes/filesystems separation and permissions,
chrooting, etc.? We have a superuser, let's run everything with it!

1) There are some tricks to significantly reduce the impact of
Spectre-like vulnerabilities, like disabling HT, separating processes to
run on different trust-level CPU cores, KPTI, etc.
2) The kernel is constantly reviewed; sure, it is not an audit, but some
parts are well reviewed, especially the general parts. The most vulnerable
parts are in the new features (in some we do not even realize the entire
possible impact), complex protocols like USB, WiFi, etc., and the modules in
general.

I think it is worth reducing the attack surface. There were known
vulnerabilities in the perf kernel subsystem that allowed privilege
escalation, and profiling is not a common task. I don't see why
switching the knob is a big problem.

-- 
   WBR,
   Vladimir D. Seleznev


More information about the devel-kernel mailing list