This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.



Re: How does embedded C + annotations + privileges really play together?


I wrote, incompletely:

> The /* guru */ markup is useful in embedded-C functions in the tapset.
> Normally, embedded-C code in the tapset is allowed to be called,
> without stap -g guru mode, because it is presumed to be
> safely/competently written.  These are usually for direct invocation
> from within the tapset handlers themselves.

I meant to add:

They are safe to call with valid input, though may expose private
data.  Because of these presumptions, unprivileged users may not run
them.  Privileged users may, but need to be careful.

Contrast this with embedded-C functions declared with /* guru */.
They are unsafe for general use, even by privileged users.  They are
only intended for special cases and/or expert users, requiring stap -g.


> Such functions may not be invoked from --privilege=stapusr mode at
> all, unless they are instead marked /* unprivileged */.  These

I meant to continue:

... functions are unusually robustly written, with the possibility in
mind that inputs are malevolent.  (It would not make sense to mark
an embedded-C function both /* guru */ and /* unprivileged */, in the
same way it doesn't make sense to run "stap -g --privilege=stapusr".)


- FChE
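
The three cases described in the message above, side by side, as an added example that is not part of the original message or of the SystemTap tapset. The file name, function names and state table are hypothetical; `kread`, `kwrite` and `CATCH_DEREF_FAULT` are assumed to be the runtime's fault-protected access macros available to embedded-C code.

```systemtap
// example.stp: hypothetical tapset file (all function names are illustrative)

// Unmarked: presumed safe to call with valid input, so no -g is needed.
// It returns whatever kernel memory the caller asks for, so it may expose
// private data and is not available under --privilege=stapusr.
function example_peek_long:long (addr:long) %{ /* pure */
    /* kread() is a fault-protected read; a bad address raises an error */
    STAP_RETVALUE = kread((long *)(uintptr_t)STAP_ARG_addr);
    CATCH_DEREF_FAULT();
%}

// guru: unsafe for general use, even by privileged users. Writing kernel
// memory is the kind of special case that requires stap -g.
function example_poke_long (addr:long, val:long) %{ /* guru */
    kwrite((long *)(uintptr_t)STAP_ARG_addr, STAP_ARG_val);
    CATCH_DEREF_FAULT();
%}

// unprivileged: written with a malevolent caller in mind. The only input is
// range-checked before use, no caller-supplied pointer is dereferenced, and
// the result comes from a fixed table with a bounded copy.
function example_state_name:string (idx:long) %{ /* pure */ /* unprivileged */
    static const char *const names[] = { "running", "sleeping", "stopped" };
    int64_t i = STAP_ARG_idx;
    if (i < 0 || i >= (int64_t)(sizeof(names) / sizeof(names[0])))
        snprintf(STAP_RETVALUE, MAXSTRINGLEN, "unknown");
    else
        snprintf(STAP_RETVALUE, MAXSTRINGLEN, "%s", names[i]);
%}

// Which functions a script may call, following the rules in the message:
//   privileged user, no -g     : example_peek_long, example_state_name
//   privileged user, stap -g   : all three
//   --privilege=stapusr        : example_state_name only
```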

