author: Andy Lutomirski <luto@kernel.org> 2016-05-10 00:48:51 +0200
committer: Linus Torvalds <torvalds@linux-foundation.org> 2016-05-10 02:57:12 +0200
commit: 0161028b7c8aebef64194d3d73e43bc3b53b5c66 (patch)
tree: 6e7ffbfc92345548730fb7b33f8168760f99fa28 /Documentation/sysctl
parent: Merge branch 'akpm' (patches from Andrew) (diff)
perf/core: Change the default paranoia level to 2
Allowing unprivileged kernel profiling lets any user dump follow kernel control flow and dump kernel registers. This most likely allows trivial kASLR bypassing, and it may allow other mischief as well. (Off the top of my head, the PERF_SAMPLE_REGS_INTR output during /dev/urandom reads could be quite interesting.)

Signed-off-by: Andy Lutomirski <luto@kernel.org>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'Documentation/sysctl')
-rw-r--r-- Documentation/sysctl/kernel.txt 2
1 files changed, 1 insertions, 1 deletions
diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt
index 57653a44b128..fcddfd5ded99 100644
--- a/Documentation/sysctl/kernel.txt
+++ b/Documentation/sysctl/kernel.txt
@@ -645,7 +645,7 @@ allowed to execute.
perf_event_paranoid:
Controls use of the performance events system by unprivileged
-users (without CAP_SYS_ADMIN). The default value is 1.
+users (without CAP_SYS_ADMIN). The default value is 2.
-1: Allow use of (almost) all events by all users
>=0: Disallow raw tracepoint access by users without CAP_IOC_LOCK
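Review bot: the new sentence "The default value is 2." gives the number without saying what it restricts, and the level descriptions visible in this hunk cover only -1 and >=0, so a reader of this paragraph cannot tell from here what changed for unprivileged users. Suggest stating the effect next to the number, in the terms the commit message uses (unprivileged kernel profiling is no longer allowed by default). Two smaller points: the diffstat shown is limited to Documentation/sysctl, so this text should be checked against the change to the default itself in the full commit; and the context line ">=0: Disallow raw tracepoint access by users without CAP_IOC_LOCK" appears to contain a typo for CAP_IPC_LOCK, which is worth fixing while this paragraph is being touched.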