Need some security advice for systemtap

grundy grundym at us.ibm.com
Tue Jun 5 17:19:58 UTC 2007


I think a good way to handle it would be to have a configuration file
like /etc/sudoers and setuid root stap (or staprun). The access control
would then be built into systemtap. 

Here are my ideas of what would make a "good" set of controls:

 - level of tap script they can run, e.g. guru mode code or not
 - sections of the kernel they can access (maybe this is
   better represented as what tapsets may they use)
 - how much overhead are they allowed to put on the system
 - are they allowed to look at data for other users' processes
 - are they allowed to reference line #'s or direct memory addrs

I think that it would probably mean having a list created at compile
time that indicates what things the resulting modules do. staprun would
then create a permissions "mask" for the user and compare it to what is
in the module (yeah, ummm, magic happens here?) or maybe when the module
loads it looks at its internal list and the permissions of the calling
user (passed in by staprun) and decides if it will run or not.

Thanks
Mike
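
One way the mask comparison proposed above could work, as an added example that is not part of the original message and is not SystemTap code: a sudoers-style policy grants each user capability bits, the compiled module carries the bits it needs, and the loader refuses unless every needed bit was granted. The policy format, capability names and function names are all assumptions, and only the yes/no controls from the list are modelled (overhead limits and tapset lists are left out).

```c
/* Hypothetical sketch; none of these names exist in SystemTap. */
#include <string.h>

/* One bit per yes/no control from the list in the message. */
enum { CAP_GURU = 1u << 0,        /* guru mode code */
       CAP_OTHER_USER = 1u << 1,  /* data for other users' processes */
       CAP_RAW_ADDR = 1u << 2 };  /* line numbers / direct memory addresses */
static const struct { const char *name; unsigned bit; } cap_names[] = {
    {"guru", CAP_GURU}, {"other_user", CAP_OTHER_USER}, {"raw_addr", CAP_RAW_ADDR} };

/* Constructed sample policy: one "user: cap,cap" entry per line. */
const char sample_policy[] =
    "alice: guru,other_user,raw_addr\n"
    "bob: raw_addr\n"
    "carol: raw_addr,bogus\n";

/* Map one capability name of length n to its bit; 0 means unknown. */
static unsigned cap_bit(const char *s, size_t n)
{
    for (size_t i = 0; i < sizeof cap_names / sizeof cap_names[0]; i++)
        if (strlen(cap_names[i].name) == n && !strncmp(cap_names[i].name, s, n))
            return cap_names[i].bit;
    return 0;
}

/* Build the permission mask for `user`. An unlisted user, or an entry with
 * an unrecognised capability, gets 0 so a typo never widens access. */
unsigned user_mask(const char *policy, const char *user)
{
    size_t ulen = strlen(user);
    for (const char *line = policy; *line; ) {
        size_t len = strcspn(line, "\n");
        if (len > ulen && !strncmp(line, user, ulen) && line[ulen] == ':') {
            unsigned mask = 0;
            const char *p = line + ulen + 1;
            for (;;) {
                p += strspn(p, " ,");            /* skip separators */
                size_t n = strcspn(p, ",\n");    /* token ends at , or EOL */
                if (!n) return mask;             /* end of this entry */
                unsigned bit = cap_bit(p, n);
                if (!bit) return 0;              /* fail closed */
                mask |= bit; p += n;
            }
        }
        line += len + (line[len] == '\n');       /* advance to next entry */
    }
    return 0;
}

/* The module may run only if every bit it requires was granted. */
int may_run(unsigned required, unsigned granted) { return (required & ~granted) == 0; }
```

Here `required` stands for the list recorded in the module at compile time and `granted` for the mask staprun would build for the calling user.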



