Provide kernel.perf_event_paranoid sysctl level 3

Bug #1612790 reported by Kees Cook on 2016-08-12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Tim Gardner
Tim Gardner

Bug Description

The perf subsystem provides a rather large attack surface, and system owners would like a way to disable access to non-root users. This is already being done in Android and Debian, and I'd like to do the same on my Ubuntu systems. :)

Kees Cook (kees) on 2016-08-12
Changed in linux (Ubuntu):
assignee: nobody → Tim Gardner (timg-tpi)

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 1612790

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Tim Gardner (timg-tpi) on 2016-08-15
Changed in linux (Ubuntu Yakkety):
status: Incomplete → In Progress
Changed in linux (Ubuntu Yakkety):
importance: Undecided → Medium
tags: added: yakkety
Tim Gardner (timg-tpi) on 2016-08-16
Changed in linux (Ubuntu Yakkety):
importance: Medium → Undecided
status: In Progress → Fix Committed
milestone: none → ubuntu-16.10
Tim Gardner (timg-tpi) wrote :

3296990ec94af7bc63af3eef065f148326a86bf5 ('UBUNTU: SAUCE: security,perf: Allow further restriction of perf_event_open') was released in Ubuntu-4.8.0-7.8

Changed in linux (Ubuntu Yakkety):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers