On 06/26/2015 03:23 PM, Brian Gerst wrote: > On Fri, Jun 26, 2015 at 1:52 PM, Prarit Bhargava <pra...@redhat.com> wrote: >> Customers write system monitoring software for single systems as well as >> clusters. In load-balancing software it is useful to know how "busy" a >> core is. Unfortunately the only way to get this data is to run as root, >> or use setcap to allow userspace access for particular programs. Both of >> these options are clunky at best. >> >> This patch allows read access to the msr dev files which should be okay. >> No damage can be done by reading the MSR values and it allows non-root >> users to run system monitoring software. >> >> The turbostat code specifically checks for CAP_SYS_RAWIO, which it >> shouldn't have to and I've removed that code. Additionally I've modified >> the turbostat man page to remove documentation about configuring >> CAP_SYS_RAW_IO. >> >> Note: Write access to msr is still restricted with this patch. > > Allowing unrestricted read access to all MSRs is wrong. Some MSRs > contain addresses of kernel data structures, which can be used in > security exploits. > > The proper way to do this is to write a driver to only expose the MSRs > that the user tools need, and nothing else.
Will do -- At least I got everyone's attention with this :). P. > > -- > Brian Gerst > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
