policy.
It would be good to see more signoffs/reviews, especially from Paul, but
he is busy with the io_uring stuff.
Let's see if anyone else can look at this in the next couple of days.
--
James Morris
al change intended.
>
> Signed-off-by: Emanuele Giuseppe Esposito
Reviewed-by: James Morris
--
James Morris
uld you please share you mind?
Alexey,
It seems some of the previous Acks are not included in this patchset, e.g.
https://lkml.org/lkml/2020/1/22/655
Every patch needs a Reviewed-by or Acked-by from maintainers of the code
being changed.
You have enough from the security folk, but I can't see any included from
the perf folk.
--
James Morris
0
> > > CapPrm: 00440008
> > > CapEff: 00440008 => 01000100 1000
> > > cap_perfmon,cap_sys_ptrace,cap_syslog
> > > CapBnd: 007f
> > > CapAmb:
> > > NoNewPrivs: 0
> > > Seccomp:0
> > > Speculation_Store_Bypass: thread vulnerable
> > > Cpus_allowed: ff
> > > Cpus_allowed_list: 0-7
> > > ...
> > >
> > > Usage of cap_perfmon effectively avoids unused credentials excess:
> > >
> > > - with cap_sys_admin:
> > > CapEff: 007f => 0111
> > >
> > > - with cap_perfmon:
> > > CapEff: 00440008 => 01000100 1000
> > > 38 34 19
> > >perfmon syslog sys_ptrace
> > >
> > > ---
> > > [1] https://www.kernel.org/doc/html/latest/admin-guide/perf-security.html
> > > [2] http://man7.org/linux/man-pages/man7/capabilities.7.html
> > > [3]
> > > https://www.kernel.org/doc/html/latest/process/embargoed-hardware-issues.html
> > > [4] https://www.kernel.org/doc/html/latest/admin-guide/security-bugs.html
> > > [5]
> > > https://www.kernel.org/doc/html/latest/process/management-style.html#decisions
> > > [6] http://man7.org/linux/man-pages/man8/setcap.8.html
> > > [7] https://git.kernel.org/pub/scm/libs/libcap/libcap.git
> > > [8] https://sites.google.com/site/fullycapable/, posix_1003.1e-990310.pdf
> > > [9] http://man7.org/linux/man-pages/man2/perf_event_open.2.html
> > >
> > ___
> > Intel-gfx mailing list
> > intel-...@lists.freedesktop.org
> > https://lists.freedesktop.org/mailman/listinfo/intel-gfx
>
--
James Morris
ned-off-by: Alexey Budankov
Reviewed-by: James Morris
--
James Morris
ned-off-by: Alexey Budankov
Reviewed-by: James Morris
--
James Morris
ned-off-by: Alexey Budankov
Reviewed-by: James Morris
--
James Morris
ned-off-by: Alexey Budankov
Reviewed-by: James Morris
--
James Morris
rocesses but CAP_SYS_ADMIN
> usage for secure bpf_trace monitoring is discouraged with respect to
> CAP_PERFMON capability.
>
> Signed-off-by: Alexey Budankov
Reviewed-by: James Morris
--
James Morris
rocesses but CAP_SYS_ADMIN
> usage for secure i915_events monitoring is discouraged with respect to
> CAP_PERFMON capability.
>
> Signed-off-by: Alexey Budankov
Reviewed-by: James Morris
--
James Morris
rocesses but CAP_SYS_ADMIN
> usage for secure perf_events monitoring is discouraged with respect to
> CAP_PERFMON capability.
>
> Signed-off-by: Alexey Budankov
Reviewed-by: James Morris
--
James Morris
ADMIN privileged processes but CAP_SYS_ADMIN
> usage for secure perf_events monitoring is discouraged with respect to
> CAP_PERFMON capability.
>
> Signed-off-by: Alexey Budankov
Reviewed-by: James Morris
--
James Morris
m
> remains open for CAP_SYS_ADMIN privileged processes but CAP_SYS_ADMIN
> usage for secure perf_events monitoring is discouraged with respect to
> CAP_PERFMON capability.
>
> Signed-off-by: Alexey Budankov
Reviewed-by: James Morris
--
James Morris
d observability subsystems.
Acked-by: James Morris
--
James Morris
IN privileged processes but CAP_SYS_ADMIN usage for
> secure perf_events monitoring is discouraged with respect to CAP_PERFMON
> capability.
>
> Signed-off-by: Alexey Budankov
> ---
> kernel/events/core.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
Acked-by: James Morris
--
James Morris
->type)
> return -ENOENT;
>
> - if (!capable(CAP_SYS_ADMIN))
> + if (!perfmon_capable())
> return -EACCES;
>
> /* Return if this is a couting event */
>
Acked-by: James Morris
--
James Morris
ble(CAP_SYS_ADMIN))
> + if (!perfmon_capable())
> return -EPERM;
> if (event->attr.type != PERF_TYPE_TRACEPOINT)
> return -EINVAL;
>
Acked-by: James Morris
--
James Morris
deletions(-)
Acked-by: James Morris
--
James Morris
t CAP_SYS_ADMIN usage for secure
> monitoring is discouraged with respect to CAP_PERFMON capability.
>
> Signed-off-by: Alexey Budankov
> ---
> drivers/oprofile/event_buffer.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Acked-by: James Morris
>
> diff --git a/driv
t CAP_SYS_ADMIN usage for secure
> monitoring is discouraged with respect to CAP_PERFMON capability.
>
> Signed-off-by: Alexey Budankov
> ---
> drivers/perf/arm_spe_pmu.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
Acked-by: James Morris
> diff --git a/drivers
if (!capable(CAP_SYS_ADMIN))
> + if (!perfmon_capable())
> return -EACCES;
>
> if (count != sizeof(uint32_t))
>
Acked-by: James Morris
--
James Morris
rs at all, and
this will work with existing signed modules?
--
James Morris
t; Cc: Steven Rostedt
> Cc: James Morris
> Cc: "Serge E. Hallyn"
> Signed-off-by: Ard Biesheuvel
> ---
> include/linux/init.h | 44 +++-
> init/main.c| 32 +++---
> kernel/printk/printk.c | 16 +++
> security/securi
at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
--
James Morris
jmor...@namei.org
___
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/linuxppc-dev
, I'd hate to see everyone else's code in the
pull request get delayed yet again. James, will it be ok to apply the
update on top of security-next?
I guess?
--
James Morris
jmor...@namei.org
___
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
, they don't really describe a high-level security
goal. How do you know it's ok to open everything in these directories?
- James
--
James Morris
jmor...@namei.org
___
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo
which will be very useful to current users in reducing their kernel attack
surface.
We should merge that, and the security subsystem discussion can carry on
separately.
- James
--
James Morris
jmor...@namei.org
___
Linuxppc-dev mailing list
Linuxppc
(current));
+}
I think it'd be a good idea to utilize the audit facility here.
- James
--
James Morris
jmor...@namei.org
___
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/linuxppc-dev
approach it from the seccomp prctl angle it will
be
a limited hack only.
I'd say it's a well-defined and readily understandable feature.
- James
--
James Morris
jmor...@namei.org
___
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https
the
attack surface of the sycall interface.
- James
--
James Morris
jmor...@namei.org
___
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/linuxppc-dev
seats via sponsorship.
- James (co- maintainer/author of several kernel subsystems over 8+ years
and apparently not invited, because ?)
--
James Morris
[EMAIL PROTECTED]
___
Linuxppc-dev mailing list
Linuxppc-dev@ozlabs.org
https://ozlabs.org/mailman
31 matches
Mail list logo