[d-kernel] [PATCH] UBUNTU: SAUCE: security, perf: Allow further restriction of perf_event_open

Alexey Sheplyakov asheplyakov at basealt.ru
Mon Jun 6 15:10:39 MSK 2022


On Mon, Jun 06, 2022 at 01:31:04PM +0300, Andrey Savchenko wrote:
> On Mon, 6 Jun 2022 13:20:40 +0400 Alexey Sheplyakov wrote:
> > Hi,
> > 
> > On Sun, Jun 05, 2022 at 04:04:56PM +0300, Vladimir D. Seleznev wrote:
> > > > People who actually need security 
> > > > 
> > > > 1) don't use out-of-order CPUs (to avoid Meltdown, Spectre, etc)
> > > > 2) don't use Linux (so the kernel can be actually audited)
> > > > 3) don't exist
> > > 
> > > I don't get the point of these. If we don't need security why should we
> > > bother with user/group processes/filesystems separation and permissions,
> > > chrooting, etc. We have a superuser, let's run everything with it!
> > 
> > 1. In a way we already do (on desktop systems). All applications run with
> >    the same uid and have the same permissions. Nothing prevents firefox
> >    from sending my private GPG key to $BIG_BROTHER, or removing all files
> >    (in $HOME), etc.
> 
> Just use firejail.

You mean this one

https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt ?

No, thanks.


