This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Proposal for PR 13128

From: Josh Stone <jistone at redhat dot com>
To: "Frank Ch. Eigler" <fche at redhat dot com>
Cc: Dave Brolley <brolley at redhat dot com>, systemtap at sourceware dot org
Date: Tue, 27 Sep 2011 12:34:58 -0700
Subject: Re: Proposal for PR 13128
References: <4E81F7C1.2070708@redhat.com> <y0mty7xsu5p.fsf@fche.csb> <4E822113.9010200@redhat.com> <20110927192015.GB31804@redhat.com>

On 09/27/2011 12:20 PM, Frank Ch. Eigler wrote:
> Hi -
> 
> On Tue, Sep 27, 2011 at 12:16:35PM -0700, Josh Stone wrote:
>> [...]
>>> Actually, it doesn't.  Since it's signed, staprun can trust the module
>>> to do the verification itself.  It could just pass bit-flags as to the
>>> invoking user's stapdev|stapkern|stapusr group memberships, and let
>>> the module itself assess eligibility to run.
>>
>> We require new code either way -- parsing section contents vs. creating
>> a new control message to the module.  I feel it's more prudent to do as
>> much as possible before init_module is ever called.
> 
> Right, on the other hand, creation of the extra elf data, and its
> signature-related processing, is extra work and a possible source of
> fragility with this approach.  Prudence is not clear-cut.

Maybe we ought to do both approaches actually, so there are multiple
chances to prevent things from going wrong...

References:
- Proposal for PR 13128
  - From: Dave Brolley
- Re: Proposal for PR 13128
  - From: Frank Ch. Eigler
- Re: Proposal for PR 13128
  - From: Josh Stone
- Re: Proposal for PR 13128
  - From: Frank Ch. Eigler

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]