git.ipfire.org Git - ipfire-2.x.git/commit - lfs/linux
Kernel: Block non-UID-0 profiling completely
author Peter Müller <peter.mueller@ipfire.org>
Fri, 11 Feb 2022 19:42:57 +0000 (19:42 +0000)
committer Peter Müller <peter.mueller@ipfire.org>
Mon, 4 Apr 2022 19:58:49 +0000 (19:58 +0000)
commit 400c4e8edb63164be1b41cf8cdb4d23026bcf6d9
tree dfb3493e80b7289ce3df96516516cce97a0ec6c9
parent 88a7b2d34bc851ac04b2a6a1355ae3bc5bf4cec4
Kernel: Block non-UID-0 profiling completely

This is recommended by KSPP, Lynis, and others. Indeed, there is no
legitimate reason why an unprivileged user on IPFire should do any
profiling. Unfortunately, this change never landed in the mainline
kernel, hence a distribution patch is necessary.

The second version of this patch rebases the kernel patch by Jeff
Vander Stoep against Linux 5.15.17 to avoid fuzzying.

Tested-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
config/etc/sysctl.conf
lfs/linux
src/patches/linux/linux-5.15.17-security-perf-allow-further-restriction-of-perf_event_open.patch [new file with mode: 0644]
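
An audit check for the hardening this commit describes, added here as an example and not part of the IPFire commit or the kernel patch. It assumes the setting is `kernel.perf_event_paranoid` with level 3 (the level the referenced perf_event_open restriction patch introduces); the function names are hypothetical and the sample files are constructed.

```shell
# Added example, not IPFire code. Assumption: the knob is kernel.perf_event_paranoid
# and level 3 (introduced by the referenced patch) is what blocks non-root profiling.

# Print the value that wins after loading sysctl.conf-style files in order
# (last assignment wins); print nothing if the key is never set.
effective_paranoid() {
    awk '
        /^[ \t]*([#;]|$)/ { next }                 # comments and blank lines
        {
            line = $0
            sub(/^[ \t]*-?[ \t]*/, "", line)       # leading "-" means "ignore errors"
            n = index(line, "=")
            if (n == 0) next
            key = substr(line, 1, n - 1); val = substr(line, n + 1)
            gsub(/[ \t]/, "", key); gsub(/\//, ".", key)   # a/b is accepted for a.b
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "kernel.perf_event_paranoid") last = val
        }
        END { if (last != "") print last }
    ' "$@"
}

# Exit 0 if VALUE blocks unprivileged profiling, 1 if not, 2 if not an integer.
blocks_unprivileged() {
    case "$1" in
        ''|-|*[!0-9-]*|?*-*) return 2 ;;
        -*) return 1 ;;
    esac
    [ "$1" -ge 3 ]
}

# audit_perf LIVE_FILE CONF...: compare the boot-time config with the live value.
audit_perf() {
    live_file=$1; shift
    conf=$(effective_paranoid "$@" 2>/dev/null) || conf=""
    live=$(cat "$live_file" 2>/dev/null) || live=""
    if [ -z "$conf" ]; then echo "config-unset"
    elif ! blocks_unprivileged "$conf"; then echo "config-weak($conf)"
    elif ! blocks_unprivileged "$live"; then echo "runtime-weak(${live:-unreadable})"
    else echo "ok($live)"; fi
}

# Constructed sample: a permissive line overridden by a later strict one.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# constructed' 'kernel.perf_event_paranoid = 2' \
        '-kernel/perf_event_paranoid=3' > "$d/sysctl.conf"
    echo 3 > "$d/live"
    audit_perf "$d/live" "$d/sysctl.conf"; rm -rf "$d"
}
demo   # real host: audit_perf /proc/sys/kernel/perf_event_paranoid /etc/sysctl.conf
```

On a kernel that does not carry such a patch, 3 is not a distinct restriction level, so an `ok` result is only meaningful where the patch is applied.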