Bug 10976 - Untrusted uprobes.ko.sig shouldn't be fatal for the privileged
Summary: Untrusted uprobes.ko.sig shouldn't be fatal for the privileged
Status: RESOLVED FIXED
Alias: None
Product: systemtap
Classification: Unclassified
Component: runtime (show other bugs)
Version: unspecified
: P2 normal
Target Milestone: ---
Assignee: Dave Brolley
URL:
Keywords:
Depends on:
Blocks: blockers-1.1
  Show dependency treegraph
 
Reported: 2009-11-17 23:28 UTC by Josh Stone
Modified: 2009-11-24 19:54 UTC (History)
0 users

See Also:
Host:
Target:
Build:
Last reconfirmed:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Josh Stone 2009-11-17 23:28:28 UTC 
Users in the stapdev group and root can load their script module regardless of
whether it has an authorized signature, as long as it is not found as
MODULE_ALTERED.  The same should be true for loading uprobes.ko.  (We might even
permit this for stapusr, since it's loading from the installed runtime path...)

A missing or unauthorized uprobes.ko cert should only be fatal for non-root,
non-stapdev users -- i.e. unprivileged users only.
Comment 1 Dave Brolley 2009-11-24 19:54:57 UTC 
commit 7067e1b0418eed528fe2d102654dbe12bb9236af