[d-kernel] [PATCH] UBUNTU: SAUCE: security, perf: Allow further restriction of perf_event_open

Andrey Savchenko bircoph на altlinux.org
Пн Июн 6 13:31:04 MSK 2022


On Mon, 6 Jun 2022 13:20:40 +0400 Alexey Sheplyakov wrote:
> Hi,
> 
> On Sun, Jun 05, 2022 at 04:04:56PM +0300, Vladimir D. Seleznev wrote:
> > > People who actually need security 
> > > 
> > > 1) don't use out-of-order CPUs (to avoid Meltdown, Spectre, etc)
> > > 2) don't use Linux (so the kernel can be actually audited)
> > > 3) don't exist
> > 
> > I don't get the point of these. If we don't need security why should we
> > bother with user/group processes/filesystems separation and permissions,
> > chrooting, etc. We have a superuser, lets everything run with it!
> 
> 1. In a way we already do (on desktop systems). All applications run with
>    the same uid and have the same permissions. Nothing prevents firefox
>    from sending my private GPG key to $BIG_BROTHER, or removing all files
>    (in $HOME), etc.

Just use firejail.
  
Best regards,
Andrew Savchenko
----------- следующая часть -----------
Было удалено вложение не в текстовом формате...
Имя     : отсутствует
Тип     : application/pgp-signature
Размер  : 833 байтов
Описание: отсутствует
Url     : <http://lists.altlinux.org/pipermail/devel-kernel/attachments/20220606/49ce651e/attachment.bin>


Подробная информация о списке рассылки devel-kernel