|| ||"Frank Ch. Eigler" <fche-AT-redhat.com> |
|| ||systemtap-AT-sources.redhat.com |
|| ||important systemtap security fix |
|| ||Wed, 17 Nov 2010 10:11:07 -0500|
|| ||Article, Thread
On Monday, Tavis Ormandy kindly let us know of two serious problems in
the setuid-root /usr/bin/staprun program. These have now been patched
in the git repo, and updates are being released for RHEL and Fedora.
Until you install the patches, one workaround would be to remove the
setuid bits from staprun (chmod u-s /usr/bin/staprun), and operate it
only as root. After the patches, the main end-user difference will be
that current non-root 'stapdev' users (who are root-equivalent in
systemtap powers) would also have to be added to the 'stapusr'
(limited-privilege powers) group.
We are sorry for the inconvenience.
to post comments)