From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (qmail 3244 invoked by alias); 15 Sep 2009 12:22:09 -0000
Received: (qmail 3169 invoked by uid 48); 15 Sep 2009 12:21:58 -0000
Date: Tue, 15 Sep 2009 12:22:00 -0000
From: "mjw at redhat dot com"
To: systemtap@sources.redhat.com
Message-ID: <20090915122158.10641.mjw@redhat.com>
Reply-To: sourceware-bugzilla@sourceware.org
Subject: [Bug translator/10641] New: -m NAME should be disabled in --unprivileged mode
X-Bugzilla-Reason: AssignedTo
Mailing-List: contact systemtap-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id:
List-Subscribe:
List-Post:
List-Help: ,
Sender: systemtap-owner@sourceware.org
X-SW-Source: 2009-q3/txt/msg00729.txt.bz2

We need to restrict the '-m NAME' option. It allows users to insert modules
that then block the loading of "real" modules.

Example "attack":

% stap --unprivileged -m nfs -e 'probe begin { log("registered as nfs!"); }'
registered as nfs!

% mount -t nfs nescio:/home /home/nescio
mount.nfs: No such device

[kill stap]

% mount -t nfs nescio:/home /home/nescio
[and now it is mounted]

-- 
Summary: -m NAME should be disabled in --unprivileged mode
Product: systemtap
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: translator
AssignedTo: systemtap at sources dot redhat dot com
ReportedBy: mjw at redhat dot com
CC: brolley at redhat dot com

http://sourceware.org/bugzilla/show_bug.cgi?id=10641

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
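
An added example, not part of the original report and not SystemTap's own code: one way an option check could enforce the restriction requested above, refusing any caller-chosen module name in unprivileged mode. It goes one step beyond the report by also rejecting, for privileged callers, names that collide with a known kernel module. Verdict, check_module_name, canonical and sample_reserved are hypothetical names, and the reserved list is constructed sample data.

```cpp
// Added example, not SystemTap source. All names here are hypothetical.
#include <algorithm>
#include <cctype>
#include <iostream>
#include <set>
#include <string>

enum class Verdict { Ok, RejectedUnprivileged, RejectedInvalid, RejectedCollision };

// Module tooling such as modprobe treats '-' and '_' as the same character,
// so compare canonical forms: "nfs-acl" must collide with "nfs_acl".
static std::string canonical(std::string name) {
    std::replace(name.begin(), name.end(), '-', '_');
    return name;
}

// Constructed sample of module names shipped for the running kernel; a real
// caller would gather these from the kernel's module directory.
std::set<std::string> sample_reserved() { return {"nfs", "nfs_acl", "ext4"}; }

// user_supplied is true when the name came from -m rather than being generated.
Verdict check_module_name(bool unprivileged, bool user_supplied,
                          const std::string& name,
                          const std::set<std::string>& reserved) {
    // The restriction the report asks for: no caller-chosen names at all
    // in unprivileged mode, whatever the name is.
    if (unprivileged && user_supplied) return Verdict::RejectedUnprivileged;

    // Refuse empty names and anything outside [A-Za-z0-9_-].
    if (name.empty()) return Verdict::RejectedInvalid;
    for (unsigned char c : name)
        if (!std::isalnum(c) && c != '_' && c != '-') return Verdict::RejectedInvalid;

    // Extra hardening beyond the report: a privileged -m must not take the
    // name of a module the kernel may need to load later.
    const std::string wanted = canonical(name);
    bool clash = std::any_of(reserved.begin(), reserved.end(),
        [&](const std::string& r) { return canonical(r) == wanted; });
    return clash ? Verdict::RejectedCollision : Verdict::Ok;
}

int main() {
    const auto reserved = sample_reserved();
    for (const char* n : {"nfs", "nfs-acl", "my_probe"})
        std::cout << n << ": " << int(check_module_name(false, true, n, reserved)) << "\n";
}
```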