This is the mail archive of the
systemtap@sourceware.org
mailing list for the systemtap project.
Need some security advice for systemtap
- From: David Smith <dsmith at redhat dot com>
- To: fedora-security-list at redhat dot com
- Cc: Systemtap List <systemtap at sources dot redhat dot com>
- Date: Mon, 04 Jun 2007 14:33:50 -0500
- Subject: Need some security advice for systemtap
I need some security development help (and this might be the wrong list
- if so, please point me in the right direction). I'm one of the
systemtap developers. You can see <http://sourceware.org/systemtap/>
for details, but a 2 second overview is that systemtap allows users to
write a script that probes points in the kernel. systemtap takes the
script, converts it into C, compiles the C into a kernel module, inserts
the kernel module, and displays any output from the compiled script.
When the script finishes, we remove the kernel module.
One of the complaints we get from users is that we require root access
(using sudo) to install/remove the kernel module. Large enterprise
customers typically don't give out sudo access to all admins. So, they
would like a way to designate certain scripts/modules as "blessed", and
allow admins/developers/etc. without root access to run those "blessed"
scripts/modules.
Some basic ideas about how we can allow users without sudo access to run
"blessed" scripts/modules can be seen at
<http://sources.redhat.com/bugzilla/show_bug.cgi?id=4523>,
So, I'm looking for thoughts, criticisms, pointers, etc. to do this in a
manner that won't allow a system to be easily compromised. We're in
the fairly early stages of this idea, and I'm looking for direction
before heading down the wrong road.
Thanks for the help.
--
David Smith
dsmith@redhat.com
Red Hat
http://www.redhat.com
256.217.0141 (direct)
256.837.0057 (fax)