This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug runtime/10033] New: Specify a separate UID/GID for stapio execution


Currently with staprun's setuid invocation, it will drop back to the real
UID/GID that invoked it before running stapio.  However, for some administrative
uses, it may be useful for the data collection to run under some other UID/GID
(which may not even have permission to run staprun).

Commit b516e13a allows this to some extent, so that a sudo staprun can still
drop permissions before running stapio.  We could carefully extend this
privilege to setuid invocations as well, perhaps allowed by a new stap group
(stapadm?).

NB: Such a granted privilege would effectively be the same as a password-free,
unrestricted sudo, given stapio's -c option and the runtime's system() call. 
That may be no worse than what stapdev lets one do with arbitrary kernel
modules, but this new privilege would be even easier to exploit.

See also:
http://sources.redhat.com/ml/systemtap/2009-q2/msg00065.html
http://sources.redhat.com/ml/systemtap/2009-q2/msg00104.html

-- 
           Summary: Specify a separate UID/GID for stapio execution
           Product: systemtap
           Version: unspecified
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: runtime
        AssignedTo: systemtap at sources dot redhat dot com
        ReportedBy: jistone at redhat dot com
                CC: roland at redhat dot com


http://sourceware.org/bugzilla/show_bug.cgi?id=10033

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]