This is the mail archive of the
systemtap@sourceware.org
mailing list for the systemtap project.
Re: Proposal for PR 13128
On 09/27/2011 12:20 PM, Frank Ch. Eigler wrote:
> Hi -
>
> On Tue, Sep 27, 2011 at 12:16:35PM -0700, Josh Stone wrote:
>> [...]
>>> Actually, it doesn't. Since it's signed, staprun can trust the module
>>> to do the verification itself. It could just pass bit-flags as to the
>>> invoking user's stapdev|stapkern|stapusr group memberships, and let
>>> the module itself assess eligibility to run.
>>
>> We require new code either way -- parsing section contents vs. creating
>> a new control message to the module. I feel it's more prudent to do as
>> much as possible before init_module is ever called.
>
> Right, on the other hand, creation of the extra elf data, and its
> signature-related processing, is extra work and a possible source of
> fragility with this approach. Prudence is not clear-cut.
Maybe we ought to do both approaches actually, so there are multiple
chances to prevent things from going wrong...