Need some security advice for systemtap

David Smith dsmith at redhat.com
Mon Jun 11 13:09:13 UTC 2007


Thanks for the response.  See stuff below.

Pavel Kankovsky wrote:
> On Mon, 4 Jun 2007, David Smith wrote:
> 
>> One of the complaints we get from users is that we require root access
>> (using sudo) to install/remove the kernel module.  Large enterprise
>> customers typically don't give out sudo access to all admins.  So, they
>> would like a way to designate certain scripts/modules as "blessed", and
>> allow admins/developers/etc. without root access to run those "blessed"
>> scripts/modules.
> 
> The easiest way to designate a certain script as "blessed" (and quite
> difficult to goof it up) is to let a trusted user take the source of the
> script, check it, make a kernel module, and install it into a designated
> directory on the target system (or systems), perhaps under
> "/lib/modules/$version".

That's my current thinking.  Seems easier from a user's point of view 
and less fragile from a security point of view.

> If you are afraid of allowing "untrusted admins" run "sudo modprobe
> the_probe" (but not afraid of allowing to run your own setuid root
> program) you can create something like "sustaprun" that will make it
> possible to load blessed modules (from the designated directory) only.

That's also my current thinking.  I'm trying to prototype this now.

-- 
David Smith
dsmith at redhat.com
Red Hat
http://www.redhat.com
256.217.0141 (direct)
256.837.0057 (fax)
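An added example, not code from this thread or from systemtap: one way a setuid helper like the proposed "sustaprun" could refuse anything that is not a blessed module before handing it to the module loader. The names `open_blessed`, `name_ok` and `trusted` are hypothetical, and the sketch assumes the designated directory and its modules are owned by a trusted uid (root in a real deployment) and that every parent of that directory is equally protected.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Accept only a bare file name "<stem>.ko": no '/', no "..", no extra dots. */
static int name_ok(const char *name)
{
    static const char ok[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-";
    size_t stem = strspn(name, ok);
    return stem > 0 && stem <= 60 && strcmp(name + stem, ".ko") == 0;
}

/* Owned by the trusted uid and not writable by group or others. */
static int trusted(const struct stat *st, uid_t owner)
{
    return st->st_uid == owner && (st->st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Returns a read-only fd for a blessed module in `dir`, or -1 if refused.
 * Checks run on open descriptors (fstat), not on path names, so the file
 * cannot be swapped between the check and the load. */
int open_blessed(const char *dir, const char *name, uid_t owner)
{
    struct stat st;
    int fd = -1;
    int dfd = name_ok(name)
        ? open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC) : -1;

    if (dfd < 0)
        return -1;
    if (fstat(dfd, &st) == 0 && trusted(&st, owner))
        fd = openat(dfd, name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    close(dfd);
    if (fd >= 0 && (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
                    !trusted(&st, owner))) {
        close(fd);   /* symlink target, device node, or loosely-permissioned file */
        fd = -1;
    }
    return fd;
}
```

The helper would read the module image from the returned descriptor rather than reopening it by path.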