This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

SystemTap / kprobes to watch for other probes?

From: Nathan DeBardeleben <ndebard at lanl dot gov>
To: "systemtap at sources dot redhat dot com" <systemtap at sources dot redhat dot com>
Date: Thu, 21 Dec 2006 11:56:02 -0700
Subject: SystemTap / kprobes to watch for other probes?

Something I was wondering about is whether it would be possible to write a SystemTap script that watched for other kprobes to be inserted and to log them somehow. I'm a bit concerned about the security implications of having kprobes turned on in the kernel and the fact that if someone were able to insert a probe they could basically hide themselves by hiding their module in the module list and doing assorted other nefarious things. If there was a way to write a probe that was always inserted which just logged when a another probe was inserted I thought that might be a neat thing.

Any thoughts on this?

--
-- Nathan
Correspondence
---------------------------------------------------------------------
Nathan DeBardeleben, Ph.D.
Los Alamos National Laboratory
Parallel Tools Team
High Performance Computing Environments
phone: 505-667-3428
email: ndebard@lanl.gov
---------------------------------------------------------------------

Follow-Ups:
- Re: SystemTap / kprobes to watch for other probes?
  - From: James Dickens

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]