This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.



important systemtap security fix


Hi -

On Monday, Tavis Ormandy kindly let us know of two serious problems in
the setuid-root /usr/bin/staprun program.  These have now been patched
in the git repo, and updates are being released for RHEL and Fedora.

Until you install the patches, one workaround would be to remove the
setuid bits from staprun (chmod u-s /usr/bin/staprun), and operate it
only as root.  After the patches, the main end-user difference will be
that current non-root 'stapdev' users (who are root-equivalent in
systemtap powers) would also have to be added to the 'stapusr'
(limited-privilege powers) group.

We are sorry for the inconvenience.

https://bugzilla.redhat.com/show_bug.cgi?id=653606
https://bugzilla.redhat.com/show_bug.cgi?id=653604

- FChE
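
An added example, not part of the original message or of the systemtap project's code: a shell audit for the two conditions the announcement describes, a setuid staprun binary and 'stapdev' members who are missing from 'stapusr'. The function names, the optional path arguments and the "audit" invocation word are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit helpers for the staprun workaround and the
# post-patch group requirement. Paths are parameters so the functions
# can be exercised against constructed test files.

# is_setuid PATH: succeeds if PATH exists and has the setuid bit set.
is_setuid() {
    [ -u "$1" ]
}

# group_members GROUP [GROUPFILE]: print one listed member per line.
# Limitation: a group(5) file lists supplementary members only; a user
# whose primary group is GROUP does not appear here.
group_members() {
    awk -F: -v g="$1" '$1 == g {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "${2:-/etc/group}"
}

# stapdev_not_in_stapusr [GROUPFILE]: stapdev members absent from stapusr.
stapdev_not_in_stapusr() {
    gf="${1:-/etc/group}"
    usr=$(group_members stapusr "$gf")
    for u in $(group_members stapdev "$gf"); do
        printf '%s\n' "$usr" | grep -qxF -- "$u" || printf '%s\n' "$u"
    done
}

# audit [STAPRUN] [GROUPFILE]: report both conditions in readable form.
audit() {
    staprun="${1:-/usr/bin/staprun}"
    gf="${2:-/etc/group}"
    if is_setuid "$staprun"; then
        echo "$staprun is setuid: install the patched package, or chmod u-s it and run it only as root"
    else
        echo "$staprun is not setuid (or is not present)"
    fi
    for u in $(stapdev_not_in_stapusr "$gf"); do
        echo "stapdev user '$u' is not in stapusr and needs adding after the patch"
    done
}

# Run against the live system only when invoked as: sh thisfile audit
if [ "${1:-}" = "audit" ]; then
    audit
fi
```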

