sourceware.org Git - systemtap.git/commit

]> sourceware.org Git - systemtap.git/commit

git://sourceware.org / systemtap.git / commit

author	Martin Cermak <mcermak@redhat.com>
	Fri, 26 Apr 2024 15:09:45 +0000 (17:09 +0200)
committer	Martin Cermak <mcermak@redhat.com>
	Fri, 26 Apr 2024 15:22:26 +0000 (17:22 +0200)
commit	be7e131bdedb20ad690fdc83a52d74041abd0e54
tree	ae608ef67c1a62487c0f5234f92295d7b937cbb2	tree
parent	eca076695cac0191d5c76ff6764cebaeb09fe25e	commit \| diff

PR30321 Privilege separation if invoked as root

Provide new command line switch 'stap --build-as' that allows for
running passes 1-4 under an unprivileged user.  In case this switch
is specified, systemtap forks and runs passes 1-4 under the specified
user.  At the RPM install time a new user 'stapunpriv' is created, and
can be used with 'stap --build-as=stapunpriv'. If '--build-as' isn't
specified, systemtap behaves the traditional way, no forking happens.

This commit is a preparatory step.  Further work is supposed to happen
so that the privilege separation brings a true improvement from the
security perspective.

13 files changed:

cmdline.cxx		diff \| blob \| blame \| history
cmdline.h		diff \| blob \| blame \| history
interactive.cxx		diff \| blob \| blame \| history
main.cxx		diff \| blob \| blame \| history
man/stap.1.in		diff \| blob \| blame \| history
remote.cxx		diff \| blob \| blame \| history
remote.h		diff \| blob \| blame \| history
session.cxx		diff \| blob \| blame \| history
session.h		diff \| blob \| blame \| history
systemtap.spec		diff \| blob \| blame \| history
translate.cxx		diff \| blob \| blame \| history
util.cxx		diff \| blob \| blame \| history
util.h		diff \| blob \| blame \| history

systemtap: system-wide probe/trace tool

RSS Atom

This page took 0.030554 seconds and 5 git commands to generate.