On Sat, Dec 05, 2020 at 12:05:32PM -0600, Eric W. Biederman wrote: > I am trying to understand why the permission check is there.
It's about observability, is task A allowed to observe state of task B? By installing a perf event on another task, we can very accurately tell what it's doing, and isn't fundamentally different from attaching a debugger (ie. ptrace). Therefore we chose to use the same security checks. As is good custom, one does security checks early. Then Jann came and observed that race against execve mucking with privs, and we got to hold that mutex across lots. That patch I proposed earlier should solve that all.
