[d-kernel] [PATCH] UBUNTU: SAUCE: security, perf: Allow further restriction of perf_event_open

[Vladimir D. Seleznev]

On Mon, Jun 06, 2022 at 03:54:00PM +0300, Vladimir D. Seleznev wrote:
> On Mon, Jun 06, 2022 at 01:20:40PM +0400, Alexey Sheplyakov wrote:
> > Hi,
> > 
> > On Sun, Jun 05, 2022 at 04:04:56PM +0300, Vladimir D. Seleznev wrote:
> > > > People who actually need security 
> > > > 
> > > > 1) don't use out-of-order CPUs (to avoid Meltdown, Spectre, etc)
> > > > 2) don't use Linux (so the kernel can be actually audited)
> > > > 3) don't exist
> > > 
> > > I don't get the point of these. If we don't need security why should we
> > > bother with user/group processes/filesystems separation and permissions,
> > > chrooting, etc. We have a superuser, lets everything run with it!
> > 
> > 1. In a way we already do (on desktop systems). All applications run with
> >    the same uid and have the same permissions. Nothing prevents firefox
> >    from sending my private GPG key to $BIG_BROTHER, or removing all files
> >    (in $HOME), etc.
> 
> I run firefox instanses and every semi-trusted applications with
> different uids, so none of them can still my GPG or any other secrets or
                                      ^ steal /* fixed */
> corrupt my $HOME (until really bad things happen):

-- 
   WBR,
   Vladimir D. Seleznev