Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 17 Jun 2016 08:54:27 +0200
From: Peter Zijlstra <>
To: Kees Cook <>
Cc: Ingo Molnar <>,
	Arnaldo Carvalho de Melo <>,
	Alexander Shishkin <>,
	"" <>,
	"" <>,
	LKML <>
Subject: Re: [PATCH 2/2] security,perf: Allow further
 restriction of perf_event_open

On Thu, Jun 16, 2016 at 03:27:55PM -0700, Kees Cook wrote:
> Hi guys,
> This patch wasn't originally CCed to you (I'm fixing that now). Would
> you consider taking this into the perf tree? 


> It's been in active use
> in both Debian and Android for a while now.

Very nice of you all to finally inform us I suppose :/

> >>> When kernel.perf_event_open is set to 3 (or greater), disallow all
> >>> access to performance events by users without CAP_SYS_ADMIN.
> >>> Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that
> >>> makes this value the default.
> >>>
> >>> This is based on a similar feature in grsecurity
> >>> (CONFIG_GRKERNSEC_PERF_HARDEN).  This version doesn't include making
> >>> the variable read-only.  It also allows enabling further restriction
> >>> at run-time regardless of whether the default is changed.

This Changelog is completely devoid of information. _WHY_ are you doing

Also, hate the CONFIG.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.