* How does embedded C + annotations + privileges really play together?
@ 2012-05-30 15:12 Petr Muller
2012-05-30 15:31 ` Frank Ch. Eigler
0 siblings, 1 reply; 4+ messages in thread
From: Petr Muller @ 2012-05-30 15:12 UTC (permalink / raw)
To: systemtap
Hi,
I've been playing with embedded C in systemtap probes, and by studying
stap manpage (the version in F16) some things are not clear to me. It
seems that to use embedded C, one needs to *always* use guru mode.
Seems logical, but then there follows a description of "The embedded-C
code may contain markers to ...", which contains stuff like '/*
unprivileged */' and '/* guru */'. The first one says that with these
annotations it should be possible to use embedded C even as a
unprivileged user, and the second one seems simply redundant.
However, my experiments with stap server seem to refuse -g and
--privilege=stapusr options togetger.
Could anyone clarify how and if these annotations should really work?
Thanks,
--
Petr Muller
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: How does embedded C + annotations + privileges really play together?
2012-05-30 15:12 How does embedded C + annotations + privileges really play together? Petr Muller
@ 2012-05-30 15:31 ` Frank Ch. Eigler
2012-05-30 15:59 ` Bryn M. Reeves
2012-05-30 21:45 ` Frank Ch. Eigler
0 siblings, 2 replies; 4+ messages in thread
From: Frank Ch. Eigler @ 2012-05-30 15:31 UTC (permalink / raw)
To: muller; +Cc: systemtap
Petr Muller <muller@redhat.com> writes:
> Seems logical, but then there follows a description of "The embedded-C
> code may contain markers to ...", which contains stuff like '/*
> unprivileged */' and '/* guru */'. The first one says that with these
> annotations it should be possible to use embedded C even as a
> unprivileged user, and the second one seems simply redundant.
The /* guru */ markup is useful in embedded-C functions in the tapset.
Normally, embedded-C code in the tapset is allowed to be called,
without stap -g guru mode, because it is presumed to be
safely/competently written. These are usually for direct invocation
from within the tapset handlers themselves.
Such functions may not be invoked from --privilege=stapusr mode at
all, unless they are instead marked /* unprivileged */. These
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: How does embedded C + annotations + privileges really play together?
2012-05-30 15:31 ` Frank Ch. Eigler
@ 2012-05-30 15:59 ` Bryn M. Reeves
2012-05-30 21:45 ` Frank Ch. Eigler
1 sibling, 0 replies; 4+ messages in thread
From: Bryn M. Reeves @ 2012-05-30 15:59 UTC (permalink / raw)
To: Frank Ch. Eigler; +Cc: muller, systemtap
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 05/30/2012 04:30 PM, Frank Ch. Eigler wrote:
> Petr Muller <muller@redhat.com> writes:
>
>> Seems logical, but then there follows a description of "The
>> embedded-C code may contain markers to ...", which contains stuff
>> like '/* unprivileged */' and '/* guru */'. The first one says
>> that with these annotations it should be possible to use embedded
>> C even as a unprivileged user, and the second one seems simply
>> redundant.
>
> The /* guru */ markup is useful in embedded-C functions in the
> tapset. Normally, embedded-C code in the tapset is allowed to be
> called, without stap -g guru mode, because it is presumed to be
> safely/competently written. These are usually for direct
> invocation from within the tapset handlers themselves.
An example of restricting callers via /* guru */ use in tapsets can be
found in guru-delay.stp:
30 function mdelay(ms:long) %{
31 /* guru */
32 mdelay(THIS->ms);
33 %}
This restricts the use of the tapset to competent users (or at least:
users the administrator believes to be competent ;).
Regards,
Bryn.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk/GQ9AACgkQ6YSQoMYUY95j1ACgsz/YzePHJc9KuSEg4lxn6cyQ
V5IAn0da26xiRtuody1iuP0yva77Opt/
=kUUF
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: How does embedded C + annotations + privileges really play together?
2012-05-30 15:31 ` Frank Ch. Eigler
2012-05-30 15:59 ` Bryn M. Reeves
@ 2012-05-30 21:45 ` Frank Ch. Eigler
1 sibling, 0 replies; 4+ messages in thread
From: Frank Ch. Eigler @ 2012-05-30 21:45 UTC (permalink / raw)
To: muller; +Cc: systemtap
I wrote, incompletely:
> The /* guru */ markup is useful in embedded-C functions in the tapset.
> Normally, embedded-C code in the tapset is allowed to be called,
> without stap -g guru mode, because it is presumed to be
> safely/competently written. These are usually for direct invocation
> from within the tapset handlers themselves.
I meant to add:
They are safe to call with valid input, though may expose private
data. Because of these presumptions, unprivileged users may not run
them. Privileged users may, but need to be careful.
Contrast this with embedded-C functions declared with /* guru */.
They are unsafe for general use, even by privileged users. They are
only intended for special cases and/or expert users, requiring stap -g.
> Such functions may not be invoked from --privilege=stapusr mode at
> all, unless they are instead marked /* unprivileged */. These
I meant to continue:
... functions are unusually robustly written, with the possibility in
mind that inputs are malevolent. (It would not make sense to mark
an embedded-C function both /* guru */ and /* unprivileged */, in the
same way it doesn't make sense to run "stap -g --privilege=stapusr".
- FChE
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2012-05-30 21:45 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-05-30 15:12 How does embedded C + annotations + privileges really play together? Petr Muller
2012-05-30 15:31 ` Frank Ch. Eigler
2012-05-30 15:59 ` Bryn M. Reeves
2012-05-30 21:45 ` Frank Ch. Eigler
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).