On 04.10.2017 08:35, Alexander Nasonov wrote:
> Maxime Villard wrote:
>> In the first mail, you said that it was better to have an all-or-nothing
>> sysctl, which is *exactly* what I just committed.
>
> Yes, sysctl is better than giving rdtsc to root only. But "better"
> alone isn't strong enough to count me as a supporter.
>
>> In the second one, as a reply to me, you were indeed talking about
>> more granular control -- but with vdso, which we don't have, so
>> it's basically not doable.
>
> IMO, it's more important to have vdso than to control rdtsc.
>
>> (PS: there is no point in having it done in a note section either, since
>> unpriv user can still create a binary with rdtsc enabled and side channel
>> the kernel.)
>
> Mount all user-writable partitions with noexec.
>

An idea borrowed from the OpenBSD approach with wxneeded partition (mount) property. Add fine-grained control over aslr, mprotect, segvguard, rdtsc, compat_* etc. as a mount option. With this approach we can grant certain features to individual users or individual groups of people. By default everything could be enforced.

I would put my Opera binaries in /home on my desktop. I would benefit from it, being able to test-build language runtimes on a dedicated mount point without shutting off global aslr/mprotect/similar and without debugging why things break the build and what needs to be touched with paxctl(8).