sosy-lab / cpu-energy-meter

A tool for measuring energy consumption of Intel CPUs
BSD 3-Clause "New" or "Revised" License

Add security precautions #11

Closed. PhilippWendler closed this issue 6 years ago.

PhilippWendler commented 7 years ago

cpu-energy-meter needs additional privileges, and thus should be careful not to let them be exploited. While this is highly unlikely given that the tool has almost no user interaction, we should still follow best practices.

This includes dropping privileges after we don't need them anymore. For example, after #10 is implemented, we should be able to drop the privileges for opening the device files after the initialization phase. We might even be able to use seccomp to restrict the process to only a few specific syscalls after the initialization phase.
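The two measures proposed in this comment, dropping privileges once the privileged resources (the device files opened during initialization) are held, and then confining the process to a short syscall allow-list with seccomp, as an added example in C. This is not cpu-energy-meter's own code; the project's implementation is in the commits cited later in this thread. Assumptions: the unprivileged target is uid/gid 65534 (nobody/nogroup, as suggested below) when running as root, and the caller's own real ids otherwise; the allow-list passed to `run_sandboxed_child` is illustrative, not the set cpu-energy-meter would need; the architecture check covers x86_64 and aarch64 only.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__x86_64__)
#define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define ARCH_NR AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* constant for this architecture (assumption: x86_64/aarch64 only)"
#endif
#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS 0x80000000U
#endif
#define MAX_ALLOWED 64

/* Permanently drop to uid/gid. Order matters: supplementary groups and the
 * gid must be changed while still root, because after setresuid() to an
 * unprivileged uid the process can no longer change them. 0 on success. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1; /* needs CAP_SETGID */
    if (setresgid(gid, gid, gid) != 0) return -1;             /* real, effective AND saved */
    if (setresuid(uid, uid, uid) != 0) return -1;             /* also clears capabilities */
    return 0;
}

/* Verify the drop: all three uid/gid slots equal the target and, for a
 * non-root target, root cannot be regained (setuid(0) must fail with EPERM). */
int privileges_dropped(uid_t uid, gid_t gid)
{
    uid_t ru, eu, su; gid_t rg, eg, sg;
    if (getresuid(&ru, &eu, &su) != 0 || getresgid(&rg, &eg, &sg) != 0) return 0;
    if (ru != uid || eu != uid || su != uid) return 0;
    if (rg != gid || eg != gid || sg != gid) return 0;
    if (uid != 0 && !(setuid(0) == -1 && errno == EPERM)) return 0;
    return 1;
}

/* Install a classic-BPF seccomp allow-list: wrong architecture or any syscall
 * not in `allowed` kills the process. The filter is built on the stack so no
 * allocation happens after it is active. 0 on success, -1 on failure. */
int install_seccomp_allowlist(const int *allowed, size_t n)
{
    struct sock_filter f[6 + MAX_ALLOWED];
    size_t k = 0;
    if (n > MAX_ALLOWED) return -1;
    f[k++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    f[k++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0); /* skip kill if arch ok */
    f[k++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    f[k++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (size_t i = 0; i < n; i++)   /* on match, jump forward to the ALLOW return */
        f[k++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned)allowed[i], (unsigned char)(n - i), 0);
    f[k++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    f[k++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    struct sock_fprog prog = { .len = (unsigned short)k, .filter = f };
    /* NO_NEW_PRIVS lets an unprivileged process install a filter; the kernel copies it. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0) return -1;
    return 0;
}

/* Demonstrate the filter in a forked child with an illustrative allow-list
 * (assumption: a real tool would list exactly what its measurement loop needs).
 * Returns 1 if the child was killed by SIGSYS, 0 if it exited cleanly, -1 otherwise. */
int run_sandboxed_child(int call_denied_syscall)
{
    static const int allowed[] = { SYS_write, SYS_exit, SYS_exit_group };
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (install_seccomp_allowlist(allowed, sizeof allowed / sizeof *allowed) != 0) _exit(2);
        if (call_denied_syscall) syscall(SYS_getpid); /* not allowed: kernel delivers SIGSYS */
        _exit(0);                                     /* exit_group: allowed */
    }
    int status;
    if (waitpid(pid, &status, 0) != pid) return -1;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS) return 1;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0) return 0;
    return -1;
}
```

Call `drop_privileges(65534, 65534)` right after the last privileged `open()` and keep the returned descriptors; check `privileges_dropped()` before continuing, since a failed drop must abort rather than silently keep root. The seccomp allow-list goes on after that, with the syscalls the measurement loop actually issues (reading the already-open descriptors, sleeping, writing output, exiting).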

TBunk commented 6 years ago

The provided link is no longer available; the topic is well documented here, though.

I've implemented it in commit 61b695baf3edeed6654648fa9bfacf1a948debb4, though due to the nature of the methods getgid(), getuid(), etc., this only works when the program is invoked without root privileges. However, once issue #7 is implemented, this problem would practically resolve itself.

PhilippWendler commented 6 years ago

If I understand this correctly, we could change to nobody/nogroup (numeric id 65534), right?

TBunk commented 6 years ago

As discussed today, the gid and uid are now set to nobody/nogroup. The changes were made in commit da9746f0a91247fc45ecbdd974cba7dd3794985e.