This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.



[Bug runtime/5716] staprun/stapio setuid/capability simplification


------- Additional Comments From hunt at redhat dot com  2008-02-04 16:40 -------
(In reply to comment #0)

I think a simpler, more secure approach would be to simply separate the module
removal and build it as a standalone suid program.  It would check the user was
in stapusr or stapdev, verify the module that was requested to be unloaded was a
systemtap module, then unload it.  That allows staprun to do some quick setup,
load the module, then drop all capabilities (if we use them), fork stapio, and
exit. Stapio would exec the module unloader when it got ^C or an exit message
from the module.

-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=5716

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
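The standalone unloader proposed in the comment above could be structured as follows. This is an added sketch, not code from the bug report or from systemtap. It assumes a systemtap module is recognised by a "stap_" name prefix and a restricted character set (the comment does not say how the check would be done), and the function names and the length bound are hypothetical.

```c
#define _GNU_SOURCE               /* for syscall() */
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

#define STAP_PREFIX "stap_"       /* assumption: marks a systemtap module */
#define MAX_NAME 56               /* assumption: bound on accepted name length */

/* 1 if name has the prefix, a bounded length, and only [A-Za-z0-9_]. */
int is_stap_module_name(const char *name)
{
    size_t plen = strlen(STAP_PREFIX), len;
    if (name == NULL || (len = strlen(name)) <= plen || len >= MAX_NAME ||
        strncmp(name, STAP_PREFIX, plen) != 0)
        return 0;
    return strspn(name, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_") == len;
}

/* 1 if want is the primary gid or one of the n supplementary gids. */
int gid_listed(gid_t want, gid_t primary, const gid_t *supp, int n)
{
    for (int i = 0; i < n; i++)
        if (supp[i] == want) return 1;
    return want == primary;
}

/* 1 if the invoking (real) user is in the named group; any lookup failure
 * or a group list longer than the buffer counts as "not a member". */
int caller_in_group(const char *grname)
{
    gid_t supp[256];
    struct group *gr = getgrnam(grname);
    int n = getgroups(256, supp);
    return gr != NULL && n >= 0 && gid_listed(gr->gr_gid, getgid(), supp, n);
}

int main(int argc, char **argv)
{
    if (!caller_in_group("stapusr") && !caller_in_group("stapdev"))
        return fprintf(stderr, "refused: caller not in stapusr or stapdev\n"), 1;
    if (argc != 2 || !is_stap_module_name(argv[1]))
        return fprintf(stderr, "refused: not a systemtap module name\n"), 1;
    /* Both checks passed: only now use the privilege to unload the module. */
    if (syscall(SYS_delete_module, argv[1], O_NONBLOCK) != 0)
        return perror("delete_module"), 1;
    return 0;
}
```

Because the program takes a single argument and reads no other input before deciding, the privileged surface is limited to the two checks and one system call.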

