This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.



RE: security for systemtap compiler server


Frank Ch. Eigler wrote:
> Second, it is part of enabling unprivileged users to run systemtap
> scripts that are severely restricted (no kernel probes; only probes on
> one's own processes; that sort of thing).

We can easily classify probe points in this way, but we'll have to be
careful about which tapset functions may be called.  Perhaps we can
bless them with a new keyword, similar to how "pure" works now.

Also, printf %b may have to be disallowed, unless we can find a way to
certify the pointer origin.

> Is all this making sense so far?

The rest that you said sounds good to me...

Josh

