* [Bug translator/10641] New: -m NAME should be disabled in --unprivileged mode
@ 2009-09-15 12:22 mjw at redhat dot com
2009-09-15 17:18 ` [Bug translator/10641] " jistone at redhat dot com
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: mjw at redhat dot com @ 2009-09-15 12:22 UTC (permalink / raw)
To: systemtap
We need to restrict the '-m NAME' option. It allows users to insert modules that
then block the loading of "real" modules. Example "attack":
% stap --unprivileged -m nfs -e 'probe begin { log("registered as nfs!"); }'
registered as nfs!
% mount -t nfs nescio:/home /home/nescio
mount.nfs: No such device
[kill stap]
% mount -t nfs nescio:/home /home/nescio
[and now it is mounted]
--
Summary: -m NAME should be disabled in --unprivileged mode
Product: systemtap
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: translator
AssignedTo: systemtap at sources dot redhat dot com
ReportedBy: mjw at redhat dot com
CC: brolley at redhat dot com
http://sourceware.org/bugzilla/show_bug.cgi?id=10641
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
* [Bug translator/10641] -m NAME should be disabled in --unprivileged mode
From: jistone at redhat dot com @ 2009-09-15 17:18 UTC (permalink / raw)
To: systemtap
------- Additional Comments From jistone at redhat dot com 2009-09-15 17:18 -------
We might allow it with some constraint on the name, e.g. requiring that it has a
"stap_" prefix. There could still be a naming conflict between stap users, but
I see no way to avoid that...
--
http://sourceware.org/bugzilla/show_bug.cgi?id=10641
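The name constraint suggested in the reply above, sketched as an added example (not SystemTap's code and not part of the thread). The names check_module_name and NameVerdict, the allowed character set, and the choice to apply the "stap_" prefix rule only in unprivileged mode are assumptions for illustration.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Linux defines MODULE_NAME_LEN as 64 - sizeof(unsigned long), NUL included,
// so the longest usable name is one character shorter.
static const std::size_t kMaxModuleName = 64 - sizeof(unsigned long) - 1;

enum class NameVerdict { Ok, Empty, TooLong, BadChar, MissingPrefix };

// Hypothetical helper: decide whether `name` may be passed to -m.
// `unprivileged` mirrors whether --unprivileged was given.
NameVerdict check_module_name(const std::string& name, bool unprivileged)
{
    if (name.empty()) return NameVerdict::Empty;
    if (name.size() > kMaxModuleName) return NameVerdict::TooLong;

    // Assumed character policy: letters, digits and '_' only. This also
    // rejects '/', '.' and '-', so a name cannot carry a path component.
    for (unsigned char c : name) {
        bool ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                  (c >= '0' && c <= '9') || c == '_';
        if (!ok) return NameVerdict::BadChar;
    }

    // Unprivileged users are confined to the stap_ namespace, so they cannot
    // occupy the name of a real module such as "nfs". Two unprivileged users
    // can still collide with each other, as the reply notes.
    static const std::string prefix = "stap_";
    if (unprivileged && name.compare(0, prefix.size(), prefix) != 0)
        return NameVerdict::MissingPrefix;

    return NameVerdict::Ok;
}

int main()
{
    // Constructed inputs: the name from the report and a namespaced one.
    bool nfs_blocked =
        check_module_name("nfs", true) == NameVerdict::MissingPrefix;
    bool stap_allowed =
        check_module_name("stap_mytrace", true) == NameVerdict::Ok;
    std::cout << "nfs rejected for unprivileged user: " << nfs_blocked << "\n"
              << "stap_mytrace accepted: " << stap_allowed << "\n";
    return (nfs_blocked && stap_allowed) ? 0 : 1;
}
```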
* [Bug translator/10641] -m NAME should be disabled in --unprivileged mode
From: fche at redhat dot com @ 2009-11-05 13:57 UTC (permalink / raw)
To: systemtap
--
What                    |Removed                     |Added
----------------------------------------------------------------------------
OtherBugsDependingOnThis|                            |10907
http://sourceware.org/bugzilla/show_bug.cgi?id=10641
* [Bug translator/10641] -m NAME should be disabled in --unprivileged mode
From: dsmith at redhat dot com @ 2009-12-07 20:30 UTC (permalink / raw)
To: systemtap
--
What      |Removed                                |Added
----------------------------------------------------------------------------
AssignedTo|systemtap at sources dot redhat dot com|dsmith at redhat dot com
Status    |NEW                                    |ASSIGNED
http://sourceware.org/bugzilla/show_bug.cgi?id=10641