This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Need some security advice for systemtap

From: David Smith <dsmith at redhat dot com>
To: Tomasz Chmielewski <mangoo at wpkg dot org>
Cc: fedora-security-list at redhat dot com, Systemtap List <systemtap at sources dot redhat dot com>
Date: Tue, 05 Jun 2007 15:39:45 -0500
Subject: Re: Need some security advice for systemtap
References: <4664691E.7010803@redhat.com> <466522FF.8080801@wpkg.org>

Tomasz Chmielewski wrote:

David Smith schrieb:

(...)

Some basic ideas about how we can allow users without sudo access to run "blessed" scripts/modules can be seen at <http://sources.redhat.com/bugzilla/show_bug.cgi?id=4523>,

So, I'm looking for thoughts, criticisms, pointers, etc. to do this in a manner that won't allow a system to be easily compromised. We're in the fairly early stages of this idea, and I'm looking for direction before heading down the wrong road.
Am I right? Is it security based on md5sum?

That was the basic idea. It would be easy enough to substitute a better hash function - I'm guessing one of the shaXXXsum would be more robust.

--
David Smith
dsmith@redhat.com
Red Hat
http://www.redhat.com
256.217.0141 (direct)
256.837.0057 (fax)

References:
- Need some security advice for systemtap
  - From: David Smith
- Re: Need some security advice for systemtap
  - From: Tomasz Chmielewski

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]