From: Arnaldo Carvalho de Melo <acme@kernel.org>
To: Daniel Micay <danielmicay@gmail.com>
Cc: kernel-hardening@lists.openwall.com,
	Kees Cook <keescook@chromium.org>, Ingo Molnar <mingo@kernel.org>,
	Alexander Shishkin <alexander.shishkin@linux.intel.com>,
	linux-doc@vger.kernel.org, Jiri Olsa <jolsa@kernel.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Namhyung Kim <namhyung@kernel.org>,
	David Ahern <dsahern@gmail.com>,
	LKML <linux-kernel@vger.kernel.org>
Subject: Re: [kernel-hardening] [PATCH 2/2] security,perf: Allow further restriction of perf_event_open
Date: Fri, 17 Jun 2016 17:00:50 -0300
Message-ID: <20160617200050.GL13337@kernel.org>
In-Reply-To: <1466180207.849.50.camel@gmail.com>

On Fri, Jun 17, 2016 at 12:16:47PM -0400, Daniel Micay wrote:
> On Fri, 2016-06-17 at 08:54 +0200, Peter Zijlstra wrote:
> > This Changelog is completely devoid of information. _WHY_ are you
> > doing this?
 
> Attack surface reduction. It's possible to use seccomp-bpf for some
> limited cases, but it's not flexible enough. There are lots of
> information leaks and local privilege escalation vulnerabilities via
> perf events, yet on most Linux installs it's not ever being used. So
> turning it off by default on those installs is an easy win. The holes
> are reduced to root -> kernel (and that's not a meaningful boundary in
> mainline right now - although as is the case here, Debian has a bunch of
> securelevel patches for that).

Is ptrace also disabled on such systems, or any of the other more recent
syscalls? The same arguments could probably be used to disable those:
reduce attack surface, possibly the new ones have bugs as they are
relatively new and it takes a long time for new syscalls to be more
generally used, if we go on disabling them in such a way, they will
probably never get used :-\

Wouldn't the recent bump in perf_event_paranoid to 2 be enough? I.e. only
allow profiling of user tasks?

Or is there something more specific that we should disable/constrain to
reduce such surface contact without using such a big hammer?

- Arnaldo
