On Sat, 15 Jun 2019, Lubashev, Igor wrote:

> > On Friday, June 14, 2019, James Morris wrote:
> Unfortunately, perf is using uid==0 and euid==0 as "capability bits".
>
>
> In tools/perf/util/evsel.c:
>     static bool perf_event_can_profile_kernel(void)
>     {
>         return geteuid() == 0 || perf_event_paranoid() == -1;
>     }
>
> In tools/perf/util/symbol.c:
>     static bool symbol__read_kptr_restrict(void)
>     {
>     ...
>         value = ((geteuid() != 0) || (getuid() != 0)) ?
>                 (atoi(line) != 0) :
>                 (atoi(line) == 2);
>     ...
>     }

These are bugs. They should be checking for CAP_SYS_ADMIN.

>
> > Have you considered the example security configuration in
> > Documentation/admin-guide/perf-security.rst ?
>
> Unfortunately, this configuration does not work, unless you reset
> /proc/sys/kernel/perf_event_paranoid to a permissive level (see code
> above). We have perf_event_paranoid set to 2. If it worked, we could have
> implemented the same capability-based policy in the wrapper.

This is not necessary for a process which has CAP_SYS_ADMIN.

--
James Morris
<jmor...@namei.org>
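The difference between the euid test quoted above and a CAP_SYS_ADMIN test, as an added example that is not part of the thread or of the kernel tree: it reads the Uid: and CapEff: fields of the /proc/<pid>/status format and shows the two tests disagreeing in both directions. The function names and the two status excerpts are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_SYS_ADMIN_BIT 21 /* CAP_SYS_ADMIN in <linux/capability.h> */

/* Constructed /proc/<pid>/status excerpts, not taken from a real system. */
static const char NONROOT_WITH_CAP[] = "Uid:\t1000\t1000\t1000\t1000\n"
                                       "CapEff:\t0000000000200000\n";
static const char ROOT_CAPS_DROPPED[] = "Uid:\t0\t0\t0\t0\n"
                                        "CapEff:\t0000000000000000\n";

/* Return a pointer just past "<key>:" on the line that starts with key. */
static const char *find_field(const char *status, const char *key)
{
    size_t klen = strlen(key);
    for (const char *p = status; p && *p; p = strchr(p, '\n'), p = p ? p + 1 : NULL)
        if (strncmp(p, key, klen) == 0 && p[klen] == ':')
            return p + klen + 1;
    return NULL;
}

/* The test applied in the quoted perf code: is the effective UID 0? */
static bool euid_is_root(const char *status)
{
    const char *v = find_field(status, "Uid");
    char *end, *end2;
    if (!v) return false;
    (void)strtol(v, &end, 10);          /* skip the real UID */
    long euid = strtol(end, &end2, 10); /* second field is the effective UID */
    return end2 != end && euid == 0;
}

/* The test the reply asks for: is CAP_SYS_ADMIN in the effective set? */
static bool has_cap_sys_admin(const char *status)
{
    const char *v = find_field(status, "CapEff");
    return v && ((strtoull(v, NULL, 16) >> CAP_SYS_ADMIN_BIT) & 1);
}

int main(void)
{
    const char *samples[] = { NONROOT_WITH_CAP, ROOT_CAPS_DROPPED };
    for (int i = 0; i < 2; i++)
        printf("sample %d: euid==0 -> %d, CAP_SYS_ADMIN -> %d\n", i,
               euid_is_root(samples[i]), has_cap_sys_admin(samples[i]));
    return 0;
}
```

The first sample is the wrapper case from the thread: a non-root process holding CAP_SYS_ADMIN fails the euid test. The second is a UID 0 process with an empty effective set, which passes it.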