Re: [kernel-hardening] Re: [PATCH 1/2] security, perf: allow further restriction of perf_event_open

From: Daniel Micay
Date: Tue Aug 02 2016 - 10:19:05 EST

Next message: Baole Ni: "[PATCH 1089/1285] Replace numeric parameter like 0444 with macro"
Previous message: Arnaldo Carvalho de Melo: "Re: [RFC 0/4] tools lib traceevent: Install fixes"
In reply to: Arnaldo Carvalho de Melo: "Re: [PATCH 1/2] security, perf: allow further restriction of perf_event_open"
Next in thread: Daniel Micay: "Re: [kernel-hardening] Re: [PATCH 1/2] security, perf: allow further restriction of perf_event_open"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> > So the problem I have with this is that it will completely inhibit
> > development of things like JITs that self-profile to re-compile
> > frequently used code.
>
> Or reimplement strace with sys_perf_event_open(), speeding it up
> greatly
> by not using ptrace (see 'perf trace', one such attempt), combining it
> with sys_bpf(), which can run unpriviledged as well, provides lots of
> possibilities for efficient tooling that would be greatly stiffled by
> such big hammer restrictions :-(

The usage on Android wouldn't impact strace. It's a debugging tool used
over the debugging shell so it could be taught to toggle on unprivileged
access to perf events as the other tools using the API were.

Attachment: signature.asc
Description: This is a digitally signed message part

Next message: Baole Ni: "[PATCH 1089/1285] Replace numeric parameter like 0444 with macro"
Previous message: Arnaldo Carvalho de Melo: "Re: [RFC 0/4] tools lib traceevent: Install fixes"
In reply to: Arnaldo Carvalho de Melo: "Re: [PATCH 1/2] security, perf: allow further restriction of perf_event_open"
Next in thread: Daniel Micay: "Re: [kernel-hardening] Re: [PATCH 1/2] security, perf: allow further restriction of perf_event_open"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]