This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.



Re: Proposal for PR 13128


On 09/27/2011 02:22 PM, Josh Stone wrote:

re: Adding an elf section to the module in order to identify the privilege level

For the data I suggest just the unprivileged group name, so staprun can be ignorant of the underlying policy. Just read the group, check that the user is a member of that group, and proceed.

I agree with the suggested content of the data (the group name of the privilege level), however, things still might not be that simple for staprun, unless we enforce that each user be a member of a given group and all groups below.

It happens to be that way today (i.e. a member of stapdev must also be a member of stapusr), however, are we going to enforce that a member of stapdev must also be a member of stapkern? This could lead to the confusing situation where a member of stapdev can load an unsigned module, but can't load one signed for stapkern. In everything I've proposed so far, a module signed for a given privilege level can be loaded by users at that privilege level *and above*.

staprun already knows about multiple levels of privilege and what they mean. Specifically, it knows that root and members of stapdev can load any module.

I guess one way to do this without giving staprun additional knowledge of the privilege hierarchy would be to list *all* of the groups which can load the signed module in the elf section.

Dave
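
The two section contents discussed in this message, compared in an added example that is not part of the original post and is not staprun's code: a stapdev member is denied when the section names only stapkern, and allowed when it lists every permitted group. The payload layout (NUL-terminated names packed back to back), the function name `may_load`, and passing the user's groups as an array instead of looking them up are assumptions.

```c
#include <stddef.h>
#include <string.h>
/* Assumed payload layout (not from the thread): NUL-terminated group names
   packed back to back, e.g. "stapkern\0stapdev\0". */

/* 1 if the n-byte name equals one of the caller's group names. */
static int in_groups(const char *name, size_t n,
                     const char *const *groups, size_t ngroups)
{
    for (size_t i = 0; i < ngroups; i++)
        if (strlen(groups[i]) == n && memcmp(groups[i], name, n) == 0)
            return 1;
    return 0;
}

/* 1 = allow, 0 = deny, -1 = malformed section. The whole payload is
   validated before a match counts, so a bad section fails closed. */
int may_load(const unsigned char *sec, size_t len,
             const char *const *groups, size_t ngroups)
{
    size_t off = 0;
    int allowed = 0;
    if (sec == NULL || len == 0)
        return -1;
    while (off < len) {
        const unsigned char *end = memchr(sec + off, '\0', len - off);
        if (end == NULL)
            return -1;                      /* last name not terminated */
        size_t n = (size_t)(end - (sec + off));
        if (n == 0)
            return -1;                      /* empty group name */
        if (in_groups((const char *)sec + off, n, groups, ngroups))
            allowed = 1;
        off += n + 1;
    }
    return allowed;
}

/* Constructed sample data: a module signed for stapkern, described both ways. */
static const unsigned char sec_single[] = "stapkern";          /* one group */
static const unsigned char sec_list[]   = "stapkern\0stapdev"; /* all groups */
static const char *const dev_user[]  = { "stapusr", "stapdev" };
static const char *const kern_user[] = { "stapusr", "stapkern" };
static const char *const usr_user[]  = { "stapusr" };
int main(void)
{
    return !(may_load(sec_single, sizeof sec_single, dev_user, 2) == 0 &&
             may_load(sec_list, sizeof sec_list, dev_user, 2) == 1);
}
```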

