Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <e7fd5492-f48e-7696-f894-a3ab60479ac5@linux.intel.com>
Date: Mon, 3 Dec 2018 12:42:09 +0300
From: Alexey Budankov <alexey.budankov@...ux.intel.com>
To: Jonathan Corbet <corbet@....net>, Peter Zijlstra <peterz@...radead.org>
Cc: Thomas Gleixner <tglx@...utronix.de>, Kees Cook <keescook@...omium.org>,
 Jann Horn <jannh@...gle.com>, Ingo Molnar <mingo@...hat.com>,
 Andi Kleen <ak@...ux.intel.com>,
 Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
 Jiri Olsa <jolsa@...hat.com>, Arnaldo Carvalho de Melo <acme@...nel.org>,
 Mark Rutland <mark.rutland@....com>, Tvrtko Ursulin <tursulin@...ulin.net>,
 linux-kernel <linux-kernel@...r.kernel.org>,
 "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>,
 "linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>
Subject: Re: [PATCH v4 1/2] Documentation/admin-guide: introduce
 perf-security.rst file

Hi Peter,

On 27.11.2018 22:13, Alexey Budankov wrote:
> On 27.11.2018 21:11, Jonathan Corbet wrote:
>> On Tue, 27 Nov 2018 11:15:37 +0300
>> Alexey Budankov <alexey.budankov@...ux.intel.com> wrote:
>>
>>> +To perform security checks, the Linux implementation splits processes into two
>>> +categories [6]_ : a) privileged processes (whose effective user ID is 0, referred
>>> +to as superuser or root), and b) unprivileged processes (whose effective UID is
>>> +nonzero). Privileged processes bypass all kernel security permission checks so
>>> +perf_events performance monitoring is fully available to privileged processes
>>> +without access, scope and resource restrictions.
>>> +
>>> +Unprivileged processes are subject to a full security permission check based on
>>> +the process's credentials [5]_ (usually: effective UID, effective GID, and
>>> +supplementary group list).
>>> +
>>> +Linux divides the privileges traditionally associated with superuser into
>>> +distinct units, known as capabilities [6]_ , which can be independently enabled
>>> +and disabled on per-thread basis for processes and files of unprivileged users.
>>> +
>>> +Unprivileged processes with enabled CAP_SYS_ADMIN capability are treated as
>>> +privileged processes with respect to perf_events performance monitoring and
>>> +bypass *scope* permissions checks in the kernel.
>>> +
>>> +Unprivileged processes using perf_events system call API is also subject for
>>> +PTRACE_MODE_READ_REALCREDS ptrace access mode check [7]_ , whose outcome
>>> +determines whether monitoring is permitted. So unprivileged processes provided
>>> +with CAP_SYS_PTRACE capability are effectively permitted to pass the check.
>>
>> It's good to have more information here.  I could certainly quibble
>> further with things - a process with CAP_SYS_ADMIN is not "unprivileged"!
>> - but I don't want to stand in the way of this any further.  I *would*
>> still like to see an ack from the perf world, though.
> 
> Thanks for meaningful comments! Looking forward to ack from perf world.

May I ask you to review v4 of the patches? 
Your comments on v1 have been addressed in there.

Thanks,
Alexey

> 
>>
>> With regard to Kees's comment on merging the two patches; I would probably
>> add the new document to index.rst in the same patch, but it doesn't matter
>> that much.  Not worth redoing the patch just for that.
> 
> Thanks,
> Alexey
> 
>>
>> jon
>>
> 

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.