public inbox for systemtap@sourceware.org
 help / color / mirror / Atom feed
* [Bug translator/30321] New: apply privilege separation for passes 2/3/4, esp. if invoked as root
@ 2023-04-07  1:18 fche at redhat dot com
  2024-02-27 22:03 ` [Bug translator/30321] " mcermak at redhat dot com
  0 siblings, 1 reply; 2+ messages in thread
From: fche at redhat dot com @ 2023-04-07  1:18 UTC (permalink / raw)
  To: systemtap

https://sourceware.org/bugzilla/show_bug.cgi?id=30321

            Bug ID: 30321
           Summary: apply privilege separation for passes 2/3/4, esp. if
                    invoked as root
           Product: systemtap
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: translator
          Assignee: systemtap at sourceware dot org
          Reporter: fche at redhat dot com
  Target Milestone: ---

systemtap's pass 2 (and a bit of pass 3 - the -d option) involves processing
elf/dwarf files via elfutils.  While these files tend to be trusted &
trustworthy, it may be comforting from a security perspective if systemtap
attempts to shed privileges while dealing with them.  Similarly, invoking the
subordinate compilers should be done with a reduced privilege if possible.

Some complications:

- pass 2 may well involve elfutils-triggered debuginfod downloads,
  ergo client cache writes

- pass 3 may want to read /proc/kallsyms, which the kernel may obfuscate
  unless read as root

- filesystem permissions for the target binaries may require root to open
  (but not to process)

- pass 5 will generally require full privileges, so simply dropping privs
  early altogether is not possible


The smallest practical step that may give some incremental protection
could be to add some setreuid(2) calls to temporarily swap between root
and an unprivileged uid around certain processing steps.

-- 
You are receiving this mail because:
You are the assignee for the bug.

^ permalink raw reply	[flat|nested] 2+ messages in thread

* [Bug translator/30321] apply privilege separation for passes 2/3/4, esp. if invoked as root
  2023-04-07  1:18 [Bug translator/30321] New: apply privilege separation for passes 2/3/4, esp. if invoked as root fche at redhat dot com
@ 2024-02-27 22:03 ` mcermak at redhat dot com
  0 siblings, 0 replies; 2+ messages in thread
From: mcermak at redhat dot com @ 2024-02-27 22:03 UTC (permalink / raw)
  To: systemtap

https://sourceware.org/bugzilla/show_bug.cgi?id=30321

Martin Cermak <mcermak at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
           Assignee|systemtap at sourceware dot org    |mcermak at redhat dot com
                 CC|                            |mcermak at redhat dot com

-- 
You are receiving this mail because:
You are the assignee for the bug.

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2024-02-27 22:03 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-04-07  1:18 [Bug translator/30321] New: apply privilege separation for passes 2/3/4, esp. if invoked as root fche at redhat dot com
2024-02-27 22:03 ` [Bug translator/30321] " mcermak at redhat dot com

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).