[Bug translator/30321] New: apply privilege separation for passes 2/3/4, esp. if invoked as root

public inbox for systemtap@sourceware.org
 help / color / mirror / Atom feed

From: "fche at redhat dot com" <sourceware-bugzilla@sourceware.org>
To: systemtap@sourceware.org
Subject: [Bug translator/30321] New: apply privilege separation for passes 2/3/4, esp. if invoked as root
Date: Fri, 07 Apr 2023 01:18:34 +0000	[thread overview]
Message-ID: <bug-30321-6586@http.sourceware.org/bugzilla/> (raw)

https://sourceware.org/bugzilla/show_bug.cgi?id=30321

            Bug ID: 30321
           Summary: apply privilege separation for passes 2/3/4, esp. if
                    invoked as root
           Product: systemtap
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: translator
          Assignee: systemtap at sourceware dot org
          Reporter: fche at redhat dot com
  Target Milestone: ---

systemtap's pass 2 (and a bit of pass 3 - the -d option) involves processing
elf/dwarf files via elfutils.  While these files tend to be trusted &
trustworthy, it may be comforting from a security perspective if systemtap
attempts to shed privileges while dealing with them.  Similarly, invoking the
subordinate compilers should be done with a reduced privilege if possible.

Some complications:

- pass 2 may well involve elfutils-triggered debuginfod downloads,
  ergo client cache writes

- pass 3 may want to read /proc/kallsyms, which the kernel may obfuscate
  unless read as root

- filesystem permissions for the target binaries may require root to open
  (but not to process)

- pass 5 will generally require full privileges, so simply dropping privs
  early altogether is not possible

The smallest practical step that may give some incremental protection
could be to add some setreuid(2) calls to temporarily swap between root
and an unprivileged uid around certain processing steps.

-- 
You are receiving this mail because:
You are the assignee for the bug.

next             reply	other threads:[~2023-04-07  1:18 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-04-07  1:18 fche at redhat dot com [this message]
2024-02-27 22:03 ` [Bug translator/30321] " mcermak at redhat dot com

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=bug-30321-6586@http.sourceware.org/bugzilla/ \
    --to=sourceware-bugzilla@sourceware.org \
    --cc=systemtap@sourceware.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).