This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.
RE: security for systemtap compiler server
- From: "Stone, Joshua I" <joshua dot i dot stone at intel dot com>
- To: "Frank Ch. Eigler" <fche at redhat dot com>, <systemtap at sources dot redhat dot com>
- Cc: "Steven Grubb" <sgrubb at redhat dot com>
- Date: Mon, 9 Jun 2008 15:52:57 -0700
- Subject: RE: security for systemtap compiler server
- References: <20080609194255.GE4303@redhat.com> <20080609223100.GA19496@redhat.com>
Frank Ch. Eigler wrote:
> Second, it is part of enabling unprivileged users to run systemtap
> scripts that are severely restricted (no kernel probes; only probes on
> one's own processes; that sort of thing).
We can easily classify probe points in this way, but we'll have to be
careful about which tapset functions may be called. Perhaps we can
bless them with a new keyword, similar to how "pure" works now.
Also, printf %b may have to be disallowed, unless we can find a way to
certify the pointer origin.
> Is all this making sense so far?
The rest that you said sounds good to me...
Josh
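The three restrictions discussed above (probe points limited to processes the user owns, tapset functions blessed by a keyword along the lines of "pure", and no printf %b) can be expressed as a static check over the script text. The following is an added example written for this page, not systemtap's own code: the Policy fields, the blessed-function set, the pid and path ownership tables (stand-ins for inspecting /proc and stat()), the sample scripts and the hypothetical "unprivileged" keyword are all constructed for the illustration, and the probe-point parsing is deliberately minimal.

```python
"""Hypothetical policy check for unprivileged SystemTap scripts (illustration only)."""
import re
from dataclasses import dataclass, field

@dataclass
class Policy:
    uid: int                 # the unprivileged user asking to run the script
    pid_owner: dict          # constructed stand-in for /proc/<pid> ownership
    path_owner: dict         # constructed stand-in for stat() on the executable
    blessed: set = field(default_factory=set)  # tapset functions tagged with a
                                               # hypothetical "unprivileged" keyword

PROBE_RE   = re.compile(r'\bprobe\s+([^{]+?)\s*\{')
PROCESS_RE = re.compile(r'^process\((?:"([^"]+)"|(\d+))\)')
PRINTF_RE  = re.compile(r'\bprintf\s*\(\s*"((?:[^"\\]|\\.)*)"')
BINARY_RE  = re.compile(r'%[-+ #0]*\d*(?:\.\d+)?b')      # a %b conversion
STRING_RE  = re.compile(r'"(?:[^"\\]|\\.)*"')
CALL_RE    = re.compile(r'\b([A-Za-z_]\w*)\s*\(')
BUILTINS   = {"if", "while", "for", "foreach", "return", "delete",
              "printf", "print", "println"}   # language constructs, not tapset functions

def split_probes(script):
    """Return (probe_points, handler_body) pairs by counting braces.
    Braces inside string literals are not handled; good enough for the demo."""
    out = []
    for m in PROBE_RE.finditer(script):
        depth, i = 1, m.end()
        while i < len(script) and depth:
            if script[i] == '{':
                depth += 1
            elif script[i] == '}':
                depth -= 1
            i += 1
        body = script[m.end():i - 1]
        points = [p.strip() for p in m.group(1).split(',')]
        out.append((points, body))
    return out

def check_probe_point(pt, policy):
    """Allow only process("path") / process(pid) probes whose target the user owns."""
    m = PROCESS_RE.match(pt)
    if not m:
        return f"probe point not allowed (must be process(PATH) or process(PID) you own): {pt}"
    path, pid = m.groups()
    owner = policy.path_owner.get(path) if path else policy.pid_owner.get(int(pid))
    if owner != policy.uid:
        return f"probe point not allowed (target not owned by uid {policy.uid}): {pt}"
    return None

def check_body(body, policy):
    """Flag printf %b and any call to a function not blessed for unprivileged use."""
    errs = []
    for fmt in PRINTF_RE.findall(body):
        if BINARY_RE.search(fmt.replace('%%', '')):   # '%%' is a literal percent sign
            errs.append(f"printf %b not allowed: {fmt!r}")
    stripped = STRING_RE.sub('""', body)              # do not match calls inside strings
    seen = set()
    for name in CALL_RE.findall(stripped):
        if name not in BUILTINS and name not in policy.blessed and name not in seen:
            seen.add(name)
            errs.append(f"tapset function not blessed for unprivileged use: {name}")
    return errs

def check_script(script, policy):
    """Return the list of policy violations; an empty list means the script may run."""
    violations = []
    probes = split_probes(script)
    if not probes:
        violations.append("no probes found")
    for points, body in probes:
        for pt in points:
            err = check_probe_point(pt, policy)
            if err:
                violations.append(err)
        violations.extend(check_body(body, policy))
    return violations

# Constructed sample policy and scripts for the demonstration.
SAMPLE_POLICY = Policy(uid=1000,
                       pid_owner={1: 0, 4242: 1000},
                       path_owner={"/home/alice/bin/tool": 1000},
                       blessed={"pid", "tid", "uid", "execname"})

SCRIPT_OK = '''
probe process("/home/alice/bin/tool").function("main") {
  printf("%s[%d] entered main\\n", execname(), pid())
}
'''

SCRIPT_BAD = '''
probe kernel.function("sys_open"), process(1).function("main") {
  printf("%b", kernel_string($filename))
}
'''

if __name__ == "__main__":
    for label, script in (("ok", SCRIPT_OK), ("bad", SCRIPT_BAD)):
        print(label, check_script(script, SAMPLE_POLICY))
```

A real implementation would do this on the parsed AST rather than on regexes, and would have to decide ownership at run time as well (a pid can be reused after the check), but the shape of the decision is the same: restrict where probes may attach, restrict which functions the handler may call, and refuse conversions whose safety depends on where a pointer came from.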