* [Bug translator/30321] New: apply privilege separation for passes 2/3/4, esp. if invoked as root
@ 2023-04-07 1:18 fche at redhat dot com
2024-02-27 22:03 ` [Bug translator/30321] " mcermak at redhat dot com
0 siblings, 1 reply; 2+ messages in thread
From: fche at redhat dot com @ 2023-04-07 1:18 UTC (permalink / raw)
To: systemtap
https://sourceware.org/bugzilla/show_bug.cgi?id=30321
Bug ID: 30321
Summary: apply privilege separation for passes 2/3/4, esp. if
invoked as root
Product: systemtap
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: translator
Assignee: systemtap at sourceware dot org
Reporter: fche at redhat dot com
Target Milestone: ---
systemtap's pass 2 (and a bit of pass 3 - the -d option) involves processing
elf/dwarf files via elfutils. While these files tend to be trusted &
trustworthy, it may be comforting from a security perspective if systemtap
attempts to shed privileges while dealing with them. Similarly, invoking the
subordinate compilers should be done with a reduced privilege if possible.
Some complications:
- pass 2 may well involve elfutils-triggered debuginfod downloads,
ergo client cache writes
- pass 3 may want to read /proc/kallsyms, which the kernel may obfuscate
unless read as root
- filesystem permissions for the target binaries may require root to open
(but not to process)
- pass 5 will generally require full privileges, so simply dropping privs
early altogether is not possible
The smallest practical step that may give some incremental protection
could be to add some setreuid(2) calls to temporarily swap between root
and an unprivileged uid around certain processing steps.
--
You are receiving this mail because:
You are the assignee for the bug.
^ permalink raw reply [flat|nested] 2+ messages in thread
* [Bug translator/30321] apply privilege separation for passes 2/3/4, esp. if invoked as root
2023-04-07 1:18 [Bug translator/30321] New: apply privilege separation for passes 2/3/4, esp. if invoked as root fche at redhat dot com
@ 2024-02-27 22:03 ` mcermak at redhat dot com
0 siblings, 0 replies; 2+ messages in thread
From: mcermak at redhat dot com @ 2024-02-27 22:03 UTC (permalink / raw)
To: systemtap
https://sourceware.org/bugzilla/show_bug.cgi?id=30321
Martin Cermak <mcermak at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
Assignee|systemtap at sourceware dot org |mcermak at redhat dot com
CC| |mcermak at redhat dot com
--
You are receiving this mail because:
You are the assignee for the bug.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-02-27 22:03 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-04-07 1:18 [Bug translator/30321] New: apply privilege separation for passes 2/3/4, esp. if invoked as root fche at redhat dot com
2024-02-27 22:03 ` [Bug translator/30321] " mcermak at redhat dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).