This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.
The slides are available from http://stapbofh.krunch.be/systemtap-bofh-dc4420-20110323.pdf

The actual examples are in the same directory: http://stapbofh.krunch.be/

Due to beer consumption I might not have properly answered the questions I got after the talk. Let's try to fix this here:

* What language does SystemTap use? Is it D like DTrace?

It's a specific language. The concepts and features are pretty similar to D but the syntax is different. I can't really comment further as I have no practical experience with DTrace. You can find the language reference at http://sourceware.org/systemtap/langref/ and lots of examples at http://sourceware.org/systemtap/examples/ (both also shipped with SystemTap). You can find a comparison table at http://sourceware.org/systemtap/wiki/SystemtapDtraceComparison

* Do you need root?

The short answer is yes. But then, Christer demonstrated last month that, in general, getting root on a Linux system is not all that hard. Actually you can also allow users that are part of the stapdev or stapusr groups to run arbitrary or "trusted" scripts respectively. This is described in the "SAFETY AND SECURITY" section of the stap(1) manual <http://sourceware.org/systemtap/man/stap.1.html#lbAX>. Yeah, that's more pwnage potential. Report any bugs you find to the SystemTap developers please.

* How does it actually work?

That depends on what you are instrumenting. For the kernel side it is mostly using kprobes. For the userland side it's uprobes (which is not in the mainline kernel...yet?). Other facilities provided by the kernel may also be used (tracepoints, perf events, ...). See "man stapprobes" and /usr/src/linux/Documentation/{kprobes.txt,trace/}:
<http://sourceware.org/systemtap/man/stapprobes.3stap.html>
<http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=tree;f=Documentation>

* Can you use it to extract crypto keys from applications?

Most probably yes. However you will need an uprobe-enabled kernel (Fedora and RHEL-derived kernels are probably the easiest way to get started) and good debug symbols for the application/library you target (building with a newish gcc version helps). This means it won't work very well with proprietary or obfuscated binaries unless you want to track down the address of whatever you want to observe manually. To instrument "hostile" applications, you may want to have a look at http://code.google.com/p/processtap/ (unrelated to SystemTap). If you end up writing a BOFHesque SystemTap script (OpenSSL and OpenSSH suddenly look like promising targets), I would be happy to hear about it.

* What is your window manager?

An old version of Ion 3. Don't use it. http://en.wikipedia.org/wiki/Ion_(window_manager)#Controversy
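As an added illustration of the "How does it actually work?" and "Do you need root?" answers above (this script is not from the original mail or from the talk's example directory), here is a small kernel-side SystemTap script. It uses the `syscall.execve` probe from the shipped syscall tapset, which SystemTap wires up through kprobes or tracepoints as the mail describes, to count which executables spawn which programs over a ten second window. The `filename` variable is the one exported by that tapset probe; the script assumes a kernel with the SystemTap runtime and kernel debuginfo installed, and it has to be started by root or by a member of the stapdev group (a stapusr member can only run it after it has been compiled and placed in the trusted module directory, per the stap(1) "SAFETY AND SECURITY" section).

```systemtap
#! /usr/bin/env stap
# Added example, not part of the original post: a kernel-side probe that
# records execve() calls per (calling process, executed file) pair. This
# kind of script is a cheap process-creation monitor for a defender.
global execs

probe syscall.execve {
    # execname() is the process issuing the call; filename is provided by
    # the syscall.execve tapset probe (assumed present in the tapset).
    execs[execname(), filename]++
}

# After ten seconds print the top 20 pairs, sorted by descending count,
# and exit so the script does not run indefinitely.
probe timer.s(10) {
    printf("%-16s %-40s %s\n", "caller", "executed", "count")
    foreach ([caller, file] in execs- limit 20)
        printf("%-16s %-40s %d\n", caller, file, execs[caller, file])
    exit()
}
```

Run it with `stap -v execve-count.stp` (the file name is arbitrary); the `-v` flag shows the pass-by-pass compilation and module load that the mail's "how does it work" answer refers to, which is also where you will see a clear error if kernel debuginfo or the tapset probe is missing.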