This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Need some security advice for systemtap

grundy wrote:
I think a good way to handle it would be to have a configuration file
like /etc/sudoers and setuid root stap (or staprun). The access control
would then be built into systemtap.

Here are my ideas of what would make a "good" set of controls:

 - level of tap script they can run, e.g. guru mode code or not
 - sections of the kernel they can access (maybe this is
   better represented as what tapsets may they use)
 - how much overhead are they allowed to put on the system
 - are they allowed to look at data for other user's processes
 - are they allowed to reference line #'s or direct memory addrs

That sounds nice, but I'm worried about implementing such a feature correctly, on at least two levels. First, you assume that systemtap can correctly characterize the effects a script will have on the system. Then you want to add an ACL system into systemtap based on those effects.

One advantage the proposed system has is that there *is* a human in the loop, a root user who will (hopefully) look at a script and check it out before "blessing" it.

--
David Smith
dsmith@redhat.com
Red Hat
http://www.redhat.com
256.217.0141 (direct)
256.837.0057 (fax)

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]