This is the mail archive of the
systemtap@sourceware.org
mailing list for the systemtap project.
Re: can kprobes be modular?
Vara Prasad wrote:
David Wilder wrote:
Roland McGrath wrote:
I was reading over some things, and it occurred to me that kprobes
ought to
be a loadable kernel module. I don't have any special motivation
for this.
It just seems like an unclean situation that it can't be a module now.
Perhaps many kernels will want to build it in anyway, but I can't
see why
it isn't a module. It's not very big, but neither are many other
things
that are used much more often and are built as modules.
The #ifdef CONFIG_KPROBES sections in e.g. arch/i386/kernel/traps.c
look to
me like things that ought to be enabled unconditionally, so kprobes
or any
other module could use them. Things like register_page_fault_notifier
ought to just be enabled and exported by default.
Thoughts?
Thanks,
Roland
What do we gain by making kprobes a module? The only reason I can
think of is so a system administrator could disable the feature at
will to prevent possible security holes. Any other reasons to do
this?.
Well you need to be a super user today to load a module that makes use
of kprobes interfaces so, i am not sure i understand what is the
security risk you are talking about.
Yes you are correct, I did not mean to imply that kprobes created a
security risk. I was just trying to clarify why we would want to
modularize kprobes.
--
David Wilder
IBM Linux Technology Center
Beaverton, Oregon, USA
dwilder@us.ibm.com
(503)578-3789