[RFC PATCH 0/1] security: add SECURE_KEEP_FSUID to preserve fsuid/fsgid across execve
James Morris
jmorris at namei.org
Sat Jun 15 03:53:46 UTC 2019
On Sat, 15 Jun 2019, Lubashev, Igor wrote:
> > On Friday, June 14, 2019, James Morris wrote:
> Unfortunately, perf is using uid==0 and euid==0 as a "capability bits".
>
>
> In tools/perf/util/evsel.c:
> static bool perf_event_can_profile_kernel(void)
> {
> return geteuid() == 0 || perf_event_paranoid() == -1;
> }
>
> In tools/perf/util/symbol.c:
> static bool symbol__read_kptr_restrict(void)
> {
> ...
> value = ((geteuid() != 0) || (getuid() != 0)) ?
> (atoi(line) != 0) :
> (atoi(line) == 2);
> ...
> }
These are bugs. They should be checking for CAP_SYS_ADMIN.
>
> > Have you considered the example security configuration in
> > Documentation/admin-guide/perf-security.rst ?
>
> Unfortunately, this configuration does not work, unless you reset
> /proc/sys/kernel/perf_event_paranoid to a permissive level (see code
> above). We have perf_event_paranoid set to 2. If it worked, we could had
> implemented the same capability-based policy in the wrapper.
This is not necessary for a process which has CAP_SYS_ADMIN.
--
James Morris
<jmorris at namei.org>
More information about the Linux-security-module-archive
mailing list