This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.
[Bug runtime/5716] staprun/stapio setuid/capability simplification
- From: "hunt at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: systemtap at sources dot redhat dot com
- Date: 4 Feb 2008 16:40:13 -0000
- Subject: [Bug runtime/5716] staprun/stapio setuid/capability simplification
- References: <20080202174830.5716.fche@redhat.com>
- Reply-to: sourceware-bugzilla at sourceware dot org
------- Additional Comments From hunt at redhat dot com 2008-02-04 16:40 -------
(In reply to comment #0)
I think a simpler, more secure approach would be to simply separate the module
removal and build it as a standalone suid program. It would check the user was
in stapusr or stapdev, verify the module that was requested to be unloaded was a
systemtap module, then unload it. That allows staprun to do some quick setup,
load the module, then drop all capabilities (if we use them), fork stapio, and
exit. Stapio would exec the module unloader when it got ^C or an exit message
from the module.
--
http://sourceware.org/bugzilla/show_bug.cgi?id=5716
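
A minimal sketch of the standalone suid unloader proposed in the comment above, added here as an example; it is not systemtap code. The `stap_` name-prefix test is an assumed stand-in for "verify the module is a systemtap module", which the comment does not specify, and the exit codes are illustrative.

```c
#define _GNU_SOURCE
#include <ctype.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Assumption (not from the page): stap modules are recognised by this name prefix. */
#define STAP_PREFIX "stap_"

/* Accept only "stap_" + [A-Za-z0-9_]+, under 64 bytes: no paths, no options. */
int module_name_ok(const char *name)
{
    size_t plen = strlen(STAP_PREFIX), len = name ? strlen(name) : 0;
    if (len <= plen || len >= 64 || strncmp(name, STAP_PREFIX, plen) != 0)
        return 0;
    for (size_t i = plen; i < len; i++)
        if (!isalnum((unsigned char)name[i]) && name[i] != '_')
            return 0;
    return 1;
}

/* Pure membership test over a gid list. */
int gid_in_list(gid_t want, const gid_t *list, int n)
{
    for (int i = 0; i < n; i++)
        if (list[i] == want)
            return 1;
    return 0;
}

/* Real gid and supplementary groups describe the invoking user, not the suid owner. */
int caller_in_group(const char *group)
{
    gid_t groups[256];
    struct group *gr = getgrnam(group);
    int n = getgroups(256, groups);   /* more than 256 groups returns -1: fail closed */
    return gr && n >= 0 && (gr->gr_gid == getgid() || gid_in_list(gr->gr_gid, groups, n));
}

int main(int argc, char **argv)
{
    if (argc != 2 || !module_name_ok(argv[1]))
        return 2;                     /* reject anything that is not stap_<name> */
    if (!caller_in_group("stapusr") && !caller_in_group("stapdev"))
        return 1;                     /* caller is not authorised to unload */
    return syscall(SYS_delete_module, argv[1], O_NONBLOCK) != 0; /* only privileged step */
}
```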