This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.
Re: Proposal for PR 13128
- From: fche at redhat dot com (Frank Ch. Eigler)
- To: Dave Brolley <brolley at redhat dot com>
- Cc: systemtap at sourceware dot org
- Date: Tue, 27 Sep 2011 14:43:30 -0400
- Subject: Re: Proposal for PR 13128
- References: <4E81F7C1.2070708@redhat.com>
Hi, Dave -
> With regard to http://sourceware.org/bugzilla/show_bug.cgi?id=13128
Thanks for posting your ideas.
> [...]
> --unprivileged[=stapusr|stapdev]
Or a new option --privilege=stapdev|stapkern|stapusr, with
--unprivileged equivalent to --privilege=stapusr. "stapkern" is the
least bad of my ideas as to what to call this intermediate level.
> We can use the same mechanism up to step 3 for the new privilege
> level. At step 4, staprun will still verify the module's signature,
> however staprun now also needs to know for which privilege level the
> module was approved. [...]
Actually, it doesn't. Since it's signed, staprun can trust the module
to do the verification itself. It could just pass bit-flags as to the
invoking user's stapdev|stapkern|stapusr group memberships, and let
the module itself assess eligibility to run.
- FChE
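
The design suggested in the reply above, sketched as an added example; it is not code from the original message or from systemtap. The flag values, the function names and the rule that a higher group may run modules approved for a lower level are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical flag encoding; the thread does not define one. */
enum { PRIV_STAPUSR = 1u << 0, PRIV_STAPKERN = 1u << 1, PRIV_STAPDEV = 1u << 2 };

/* Loader side (staprun's role): turn the invoking user's group names
 * into bit-flags. Groups other than the three named contribute nothing. */
unsigned groups_to_flags(const char *const *groups, size_t n)
{
    unsigned flags = 0;
    for (size_t i = 0; i < n; i++) {
        if (strcmp(groups[i], "stapusr") == 0)  flags |= PRIV_STAPUSR;
        if (strcmp(groups[i], "stapkern") == 0) flags |= PRIV_STAPKERN;
        if (strcmp(groups[i], "stapdev") == 0)  flags |= PRIV_STAPDEV;
    }
    return flags;
}

/* Module side: `approved` is the level the module was built and signed
 * for, so the signature covers it. Returns 1 if the user may run the
 * module, 0 otherwise. */
int module_may_run(unsigned approved, unsigned user_flags)
{
    unsigned acceptable;
    switch (approved) {
    /* Assumed ordering: stapdev >= stapkern >= stapusr. */
    case PRIV_STAPUSR:  acceptable = PRIV_STAPUSR | PRIV_STAPKERN | PRIV_STAPDEV; break;
    case PRIV_STAPKERN: acceptable = PRIV_STAPKERN | PRIV_STAPDEV; break;
    case PRIV_STAPDEV:  acceptable = PRIV_STAPDEV; break;
    default: return 0;  /* unknown approval level: fail closed */
    }
    return (user_flags & acceptable) != 0;
}

int main(void)
{
    /* Constructed sample: a user in "users" and "stapkern" only. */
    const char *groups[] = { "users", "stapkern" };
    unsigned flags = groups_to_flags(groups, 2);
    printf("stapkern-approved module: %d\n", module_may_run(PRIV_STAPKERN, flags));
    printf("stapdev-approved module:  %d\n", module_may_run(PRIV_STAPDEV, flags));
    return 0;
}
```

The module-side check is only trustworthy once the loader has verified the signature, since an unsigned module is free to ignore the flags it is handed.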