This is the mail archive of the
systemtap@sourceware.org
mailing list for the systemtap project.
Re: Proposal for PR 13128
- From: Josh Stone <jistone at redhat dot com>
- To: "Frank Ch. Eigler" <fche at redhat dot com>
- Cc: Dave Brolley <brolley at redhat dot com>, systemtap at sourceware dot org
- Date: Tue, 27 Sep 2011 12:16:35 -0700
- Subject: Re: Proposal for PR 13128
- References: <4E81F7C1.2070708@redhat.com> <y0mty7xsu5p.fsf@fche.csb>
On 09/27/2011 11:43 AM, Frank Ch. Eigler wrote:
>> We can use the same mechanism up to step 3 for the new privilege
>> level. At step 4, staprun will still verify the module's signature,
>> however staprun now also needs to know for which privilege level the
>> module was approved. [...]
>
> Actually, it doesn't. Since it's signed, staprun can trust the module
> to do the verification itself. It could just pass bit-flags as to the
> invoking user's stapdev|stapkern|stapusr group memberships, and let
> the module itself assess eligibility to run.
We require new code either way -- parsing section contents vs. creating
a new control message to the module. I feel it's more prudent to do as
much as possible before init_module is ever called.