This is the mail archive of the
systemtap@sourceware.org
mailing list for the systemtap project.
[Bug runtime/10033] New: Specify a separate UID/GID for stapio execution
- From: "jistone at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: systemtap at sources dot redhat dot com
- Date: 3 Apr 2009 23:03:25 -0000
- Subject: [Bug runtime/10033] New: Specify a separate UID/GID for stapio execution
- Reply-to: sourceware-bugzilla at sourceware dot org
Currently with staprun's setuid invocation, it will drop back to the real
UID/GID that invoked it before running stapio. However, for some administrative
uses, it may be useful for the data collection to run under some other UID/GID
(which may not even have permission to run staprun).
Commit b516e13a allows this to some extent, so that a sudo staprun can still
drop permissions before running stapio. We could carefully extend this
privilege to setuid invocations as well, perhaps allowed by a new stap group
(stapadm?).
NB: Such a granted privilege would effectively be the same as a password-free,
unrestricted sudo, given stapio's -c option and the runtime's system() call.
That may be no worse than what stapdev lets one do with arbitrary kernel
modules, but this new privilege would be even easier to exploit.
See also:
http://sources.redhat.com/ml/systemtap/2009-q2/msg00065.html
http://sources.redhat.com/ml/systemtap/2009-q2/msg00104.html
--
Summary: Specify a separate UID/GID for stapio execution
Product: systemtap
Version: unspecified
Status: NEW
Severity: enhancement
Priority: P2
Component: runtime
AssignedTo: systemtap at sources dot redhat dot com
ReportedBy: jistone at redhat dot com
CC: roland at redhat dot com
http://sourceware.org/bugzilla/show_bug.cgi?id=10033
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.