[Ksummit-discuss] [CORE TOPIC] Kernel tinification: shrinking the kernel and avoiding size regressions

Dave Jones davej at redhat.com
Fri May 2 21:03:08 UTC 2014


On Fri, May 02, 2014 at 09:45:18PM +0100, Ben Hutchings wrote:
 > On Fri, 2014-05-02 at 15:49 -0400, Dave Jones wrote:
 
 > > To use just one example, on certain systems I'd love to be able to just
 > > turn off sys_perf_event_open given what a trainwreck of vulnerabilities it's been
 > > over the last few years [comedy: it is actually a config option, but x86
 > > 'selects' it, so you'll have it and you'll like it].
 > > Thankfully at least the scarier parts of it are now hidden behind the
 > > paranoid sysctl.
 > 
 > I have considered proposing perf_event_paranoid=3 to disable it
 > completely for non-root.

Doesn't seem too crazy an idea to me.

 > > It's this "not used by every user" code that tends to scare me, because
 > > it's written with 1-2 well behaved bits of userspace in mind, which
 > > usually means "has so many unchecked corner cases it's not even funny"
 > [...]
 > 
 > Since Michael often seems to be the one testing those corner cases while
 > writing documentation, it seems like you're getting back to the old
 > issue of whether lack of documentation should be a blocker for adding
 > new system calls.

That, and test cases.

	Dave

