Need some security advice for systemtap
David Smith
dsmith at redhat.com
Mon Jun 4 19:33:50 UTC 2007
I need some security development help (and this might be the wrong list
- if so, please point me in the right direction). I'm one of the
systemtap developers. You can see <http://sourceware.org/systemtap/>
for details, but a 2 second overview is that systemtap allows users to
write a script that probes points in the kernel. systemtap takes the
script, converts it into C, compiles the C into a kernel module, inserts
the kernel module, and displays any output from the compiled script.
When the script finishes, we remove the kernel module.
One of the complaints we get from users is that we require root access
(using sudo) to install/remove the kernel module. Large enterprise
customers typically don't give out sudo access to all admins. So, they
would like a way to designate certain scripts/modules as "blessed", and
allow admins/developers/etc. without root access to run those "blessed"
scripts/modules.
Some basic ideas about how we can allow users without sudo access to run
"blessed" scripts/modules can be seen at
<http://sources.redhat.com/bugzilla/show_bug.cgi?id=4523>,
So, I'm looking for thoughts, criticisms, pointers, etc. to do this in a
manner that won't allow a system to be easily compromised. We're in
the fairly early stages of this idea, and I'm looking for direction
before heading down the wrong road.
Thanks for the help.
--
David Smith
dsmith at redhat.com
Red Hat
http://www.redhat.com
256.217.0141 (direct)
256.837.0057 (fax)
More information about the security
mailing list