This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Need some security advice for systemtap


David Smith schrieb:

(...)

Some basic ideas about how we can allow users without sudo access to run "blessed" scripts/modules can be seen at <http://sources.redhat.com/bugzilla/show_bug.cgi?id=4523>,

So, I'm looking for thoughts, criticisms, pointers, etc. to do this in a manner that won't allow a system to be easily compromised. We're in the fairly early stages of this idea, and I'm looking for direction before heading down the wrong road.

Am I right? Is it security based on md5sum?


I'm not sure how easy would it be to "produce" two kernel modules having the same MD5 checksum - but before you continue, you might want to read a short article called "Attacking Hash Functions by Poisoned Messages":

http://www.cits.rub.de/MD5Collisions/


-- Tomasz Chmielewski http://wpkg.org


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]