This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

New Probe Points for Unprivileged Users

From: Dave Brolley <brolley at redhat dot com>
To: SystemTAP <systemtap at sources dot redhat dot com>
Date: Thu, 10 Sep 2009 15:41:54 -0400
Subject: New Probe Points for Unprivileged Users

Hi,

Support for limited probing by unprivileged users (not root, stapdev or stapusr) was recently pushed to our git sources (see the NEWS file). The number and type of probe points available to these users has intentionally been restricted in the early stages of development and testing.

Overall, the philosophy is that an unprivileged user should not be able to use systemtap to affect the system in ways they would not normally be able to or to obtain information that they would not normally be able to obtain.

The current set of allowed probes is:

begin
begin(N)
end()
end(N)
error
error(N)
never
timer.*
process.begin
process.end
process("xxx").begin
process("xxx").end
process(N).begin
process(N).end

where process.* probes are restricted to the user's own processes.

I would like to expand the list of available probes to include the remainder of the process.* probes where, once again, probes are restricted to the user's own processes. Before doing so, I just wanted to double check that this would not be exposing anything in violation of the philosophy mentioned above. If you see any problems with exposing the probe points below to unprivileged users, for their own processes, then please let me know.

Thanks,
Dave
-------------------------------------
process.syscall
process.syscall.return
process.thread.begin
process.thread.end
process("xxx").function("yyy")
process("xxx").function("yyy").inline
process("xxx").function("yyy").call
process("xxx").function("yyy").return
process("xxx").function("yyy").return.maxactive
process("xxx").function("yyy").label("lll")
process("xxx").function(N)
process("xxx").function(N).inline
process("xxx").function(N).call
process("xxx").function(N).return
process("xxx").function(N).return.maxactive
process("xxx").insn
process("xxx").insn.block
process("xxx").mark("mmm")
process("xxx").mark(N)
process("xxx").statement("yyy")
process("xxx").statement(N)
process("xxx").syscall
process("xxx").syscall.return
process("xxx").thread.begin
process("xxx").thread.end
process(N).statement(N).absolute
process(N).statement(N).absolute.return
process(N).insn
process(N).insn.block
process(N).syscall
process(N).syscall.return
process(N).thread.begin
process(N).thread.end

Follow-Ups:
- Re: New Probe Points for Unprivileged Users
  - From: David Smith
- Re: New Probe Points for Unprivileged Users
  - From: Josh Stone

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]