public inbox for systemtap@sourceware.org
* [Bug runtime/4523] New: setuid staprun for module loading by unprivileged users
@ 2007-05-18 15:27 fche at redhat dot com
  2007-06-04 19:04 ` [Bug runtime/4523] " dsmith at redhat dot com
  0 siblings, 1 reply; 2+ messages in thread
From: fche at redhat dot com @ 2007-05-18 15:27 UTC (permalink / raw)
  To: systemtap

See http://sourceware.org/ml/systemtap/2006-q4/msg00041.html

-- 
           Summary: setuid staprun for module loading by unprivileged users
           Product: systemtap
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: runtime
        AssignedTo: systemtap at sources dot redhat dot com
        ReportedBy: fche at redhat dot com


http://sourceware.org/bugzilla/show_bug.cgi?id=4523

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.


* [Bug runtime/4523] setuid staprun for module loading by unprivileged users
  2007-05-18 15:27 [Bug runtime/4523] New: setuid staprun for module loading by unprivileged users fche at redhat dot com
@ 2007-06-04 19:04 ` dsmith at redhat dot com
  0 siblings, 0 replies; 2+ messages in thread
From: dsmith at redhat dot com @ 2007-06-04 19:04 UTC (permalink / raw)
  To: systemtap


------- Additional Comments From dsmith at redhat dot com  2007-06-04 19:04 -------
Here's a summary of the security related ideas from Frank's email:

...

We've mentioned somehow securely identifying compiled modules to
represent a special permission to execute.  This would be a way of
having a security expert dude formally designate a module for use on a
locked-down deployment machine.  Given that the modsign code in
FC/RHEL is not widespread or general enough, a proper kernel-enforced
crypto signature may be out of reach.  Maybe we can list (say) md5sums
of approved module .ko's in a /etc/systemtap/authorized_probes file,
and have a new staprun.auth variant that checks it before submitting a
module to insmod(8) (or actually better, to sys_init_module(2)
directly).

...

# grep TARGET2 $HOME/.systemtap/known_hosts
TARGET2 execute=ssh:user@host.name:auth kernel=2.6.18-78234.327 arch=i686 cpu=p4
% md5sum /home/fche/.systemtap/cache/0xfeedface.ko
982734982739487239487234
% ssh root@host.name 'echo md5:982734982739487239487234 >> /etc/systemtap/authorized_probes'  # bless this module
% stap -T TARGET2 -e "probe foo { ... }" -x CMD
(scp 0xfeedface.ko to user@host.name:/tmp)
(ssh user@host.name staprun.auth /tmp/0xfeedface.ko -x CMD)
(no sudo password needed!)
(CMD forked under real-uid privileges; module loaded under setuid)
(probe output)

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|systemtap at sources dot    |dsmith at redhat dot com
                   |redhat dot com              |
             Status|NEW                         |ASSIGNED


http://sourceware.org/bugzilla/show_bug.cgi?id=4523

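Added example, not part of the thread and not staprun's own code: one way a staprun.auth-style loader could check a module against the authorized_probes list described above, written in Python. The function names, the trusted_uid parameter and the "sha256:" prefix are assumptions (the thread only shows "md5:" lines); the module is read once and the same bytes are hashed and returned, which is what handing the image to sys_init_module(2) directly allows.

```python
import hashlib
import os
import stat

# "md5:" is the format shown in the thread; "sha256:" is an assumed extension.
ALLOWED_ALGOS = {"md5", "sha256"}


def load_allowlist(path, trusted_uid=0):
    """Parse 'algo:hexdigest' lines, refusing a list that others could edit."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "r") as fh:
        st = os.fstat(fh.fileno())
        if st.st_uid != trusted_uid or st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise PermissionError(f"{path}: wrong owner or group/world-writable")
        entries = set()
        for line in fh:
            algo, _, digest = line.strip().partition(":")
            if algo in ALLOWED_ALGOS and digest:
                entries.add((algo, digest.lower()))
    return entries


def read_authorized_module(ko_path, allowlist):
    """Return the module bytes if their digest is on the allowlist, else None.

    The path lives in a user-writable directory (/tmp in the thread), so the
    file is opened once without following symlinks, and the buffer that was
    hashed is the buffer the caller loads. The path is never reopened.
    """
    fd = os.open(ko_path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    with os.fdopen(fd, "rb") as fh:
        if not stat.S_ISREG(os.fstat(fh.fileno()).st_mode):
            return None
        image = fh.read()
    # Whole-digest comparison per algorithm; no substring or prefix matching.
    for algo in {a for a, _ in allowlist}:
        if (algo, hashlib.new(algo, image).hexdigest()) in allowlist:
            return image
    return None
```

A caller running setuid would pass the returned bytes to the module-loading syscall and drop back to the real uid before forking CMD, as in the session above.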
