[Bug runtime/10984] New: restrict unprivileged mode operation to "stapusr" or similar

public inbox for systemtap@sourceware.org
 help / color / mirror / Atom feed

From: "fche at redhat dot com" <sourceware-bugzilla@sourceware.org>
To: systemtap@sources.redhat.com
Subject: [Bug runtime/10984] New: restrict unprivileged mode operation to "stapusr" or similar
Date: Thu, 19 Nov 2009 05:10:00 -0000	[thread overview]
Message-ID: <20091119051007.10984.fche@redhat.com> (raw)

Considering the potential size of the worm can, for an early
non-experimental deployment of unprivileged mode, let's allow
sysadmins to restrict staprun to run even signed code only for
some users.

If we don't wish to build an elaborate ACL setup (or even a
simple one like /etc/ftpusers), how about restricting
signed mode to only "stapusr" people.  That way, two separate
actions are required by a local sysadmin: the approval of the
compilation environment, and approval of individual users.

Reuse of "staprun" as the groupid is probably plausible since
it's already a "lower privilege" sort of systemtap user, which
can only run precompiled stuff specifically installed under
/lib/modules/`uname -r`/systemtap.  The proposal here is to
also permit such people to run --unprivileged scripts / signed
modules.

(Another option is to create a third user group, like "stapunpriv",
but I can't think of a good case for it as distinct from stapusr.)

-- 
           Summary: restrict unprivileged mode operation to "stapusr" or
                    similar
           Product: systemtap
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: runtime
        AssignedTo: systemtap at sources dot redhat dot com
        ReportedBy: fche at redhat dot com
OtherBugsDependingO 10907
             nThis:

http://sourceware.org/bugzilla/show_bug.cgi?id=10984

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

next             reply	other threads:[~2009-11-19  5:10 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-11-19  5:10 fche at redhat dot com [this message]
2009-11-20 16:58 ` [Bug runtime/10984] " brolley at redhat dot com

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20091119051007.10984.fche@redhat.com \
    --to=sourceware-bugzilla@sourceware.org \
    --cc=systemtap@sources.redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).