Provide kernel.perf_event_paranoid sysctl level 3

Bug #1612790 reported by Kees Cook
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
Undecided
Tim Gardner
Yakkety
Fix Released
Undecided
Tim Gardner

Bug Description

The perf subsystem provides a rather large attack surface, and system owners would like a way to disable access to non-root users. This is already being done in Android and Debian, and I'd like to do the same on my Ubuntu systems. :)

https://lkml.org/lkml/2016/1/11/587

Tags: yakkety
Kees Cook (kees)
Changed in linux (Ubuntu):
assignee: nobody → Tim Gardner (timg-tpi)
Revision history for this message
Brad Figg (brad-figg) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 1612790

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Tim Gardner (timg-tpi)
Changed in linux (Ubuntu Yakkety):
status: Incomplete → In Progress
Changed in linux (Ubuntu Yakkety):
importance: Undecided → Medium
tags: added: yakkety
Tim Gardner (timg-tpi)
Changed in linux (Ubuntu Yakkety):
importance: Medium → Undecided
status: In Progress → Fix Committed
milestone: none → ubuntu-16.10
Revision history for this message
Tim Gardner (timg-tpi) wrote :

3296990ec94af7bc63af3eef065f148326a86bf5 ('UBUNTU: SAUCE: security,perf: Allow further restriction of perf_event_open') was released in Ubuntu-4.8.0-7.8

Changed in linux (Ubuntu Yakkety):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.