This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.



Re: dwarf unwinder branch


Hi -


hunt wrote:

> [...]
> > > * stapio now can send unwind data when requested.  stapio is running as
> > > a normal user and perhaps not secure, but I think the best a hacker
> > > could do would be to fool systemtap into making inaccurate backtraces.
> > 
> > I suspect this part will not become trustworthy enough to rely on, as
> > it gives an unprivileged user the capability to send a big complicated
> > data blob to the kernel.  [...]
> 
> As this would only happen once per module load, it is hard to see how
> the load would be significant enough to cause a DoS.  The whole module
> loading process is a much bigger load on the system.  If you want to
> kill the system, just load a bunch of large systemtap modules, no unwind
> data needed.

The scenario to worry about is that of an unprivileged user (stapusr
for now, not even that later) running stapio in a malevolent way.  She
will have no power to load arbitrary kernel modules, but if she has a
way of sending unbounded amounts of userspace unwind data, we could
have a problem.


> And if you aren't trusting unwind data sent from userspace, how do you
> plan to handle debugging of user applications?  Where will their unwind
> data come from?

It's not all settled, but it may well be better to compile in even
that data (to enable userspace stap/elfutils to validate it), rather
than to pass it directly to the kernel at run time.

- FChE
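
The concern above, about unbounded and unvalidated unwind data reaching the kernel, can be illustrated with a structural pre-check; this is an added example, not code from the message or from SystemTap. It assumes a little-endian, 32-bit DWARF `.debug_frame`-style blob of length-prefixed CIE/FDE records; the function name `unwind_blob_check` and both caps are hypothetical policy choices.

```c
#include <stddef.h>
#include <stdint.h>

#define UNWIND_MAX_BYTES   (1u << 20)  /* assumed policy cap: 1 MiB per blob */
#define UNWIND_MAX_ENTRIES 65536u      /* assumed policy cap on CIE/FDE count */

enum unwind_check { UNWIND_OK = 0, UNWIND_TOO_BIG, UNWIND_TRUNCATED,
                    UNWIND_BAD_LENGTH, UNWIND_TOO_MANY };

/* Read a little-endian u32 without alignment assumptions. */
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk the length-prefixed records and require that they tile the buffer
 * exactly, within the caps above. On success *entries is the record count.
 * This checks framing only; it does not interpret CFA instructions. */
enum unwind_check unwind_blob_check(const uint8_t *buf, size_t len,
                                    size_t *entries)
{
    size_t off = 0, n = 0;

    if (len > UNWIND_MAX_BYTES)
        return UNWIND_TOO_BIG;          /* refuse before touching the data */
    while (off < len) {
        if (len - off < 4)
            return UNWIND_TRUNCATED;    /* no room for a length field */
        uint32_t rec = rd32(buf + off);
        off += 4;
        /* 0xffffffff selects 64-bit DWARF (rejected here); a record must
         * at least hold the 4-byte CIE id / CIE pointer. */
        if (rec == 0xffffffffu || rec < 4)
            return UNWIND_BAD_LENGTH;
        if (rec > len - off)
            return UNWIND_TRUNCATED;    /* record claims more than remains */
        if (++n > UNWIND_MAX_ENTRIES)
            return UNWIND_TOO_MANY;
        off += rec;
    }
    *entries = n;
    return UNWIND_OK;
}
```

A check like this bounds the size and record count of what is accepted, but it does not make the unwind instructions themselves trustworthy.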

