This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.
Re: dwarf unwinder branch
Hi -
hunt wrote:
> [...]
> > > * stapio now can send unwind data when requested. stapio is running as
> > > a normal user and perhaps not secure, but I think the best a hacker
> > > could do would be to fool systemtap into making inaccurate backtraces.
> >
> > I suspect this part will not become trustworthy enough to rely on, as
> > it gives an unprivileged user the capability to send a big complicated
> > data blob to the kernel. [...]
>
> As this would only happen once per module load, it is hard to see how
> the load would be significant enough to cause a DoS. The whole module
> loading process is a much bigger load on the system. If you want to
> kill the system, just load a bunch of large systemtap modules, no unwind
> data needed.
The scenario to worry about is that of an unprivileged user (stapusr
for now, not even that later) running stapio in a malevolent way. She
will have no power to load arbitrary kernel modules, but if she has a
way of sending unbounded amounts of userspace unwind data, we could
have a problem.
> And if you aren't trusting unwind data sent from userspace, how do you
> plan to handle debugging of user applications? Where will their unwind
> data come from?
It's not all settled, but it may well be better to compile in even
that data (to enable userspace stap/elfutils to validate it), rather
than to pass it directly to the kernel at run time.
- FChE