important systemtap security fix
[Posted November 17, 2010 by corbet]
| From: | "Frank Ch. Eigler" <fche-AT-redhat.com> |
| To: | systemtap-AT-sources.redhat.com |
| Subject: | important systemtap security fix |
| Date: | Wed, 17 Nov 2010 10:11:07 -0500 |
| Message-ID: | <20101117151107.GK29719@redhat.com> |

Hi -

On Monday, Tavis Ormandy kindly let us know of two serious problems in
the setuid-root /usr/bin/staprun program. These have now been patched
in the git repo, and updates are being released for RHEL and Fedora.

Until you install the patches, one workaround would be to remove the
setuid bits from staprun (chmod u-s /usr/bin/staprun), and operate it
only as root. After the patches, the main end-user difference will be
that current non-root 'stapdev' users (who are root-equivalent in
systemtap powers) would also have to be added to the 'stapusr'
(limited-privilege powers) group.

We are sorry for the inconvenience.

https://bugzilla.redhat.com/show_bug.cgi?id=653606
https://bugzilla.redhat.com/show_bug.cgi?id=653604
- FChE
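
An administrator's check for the two points in the message above, as an added example that is not part of the original mail or of the systemtap project: it reports whether staprun still carries the setuid bit and which 'stapdev' members are not yet in 'stapusr'. The function names are hypothetical, and the script assumes group membership is recorded in an /etc/group-format file (users who have stapdev only as their primary group are not listed there).

```shell
#!/bin/sh
# Added example: audit a host against the staprun advisory.
# Assumption: groups live in an /etc/group-style file
# (name:passwd:gid:member,member,...).

# has_setuid FILE: succeeds if FILE has the setuid bit set.
has_setuid() {
    [ -u "$1" ]
}

# group_members GROUP [GROUPFILE]: print one listed member per line.
group_members() {
    awk -F: -v g="$1" '
        $1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "${2:-/etc/group}"
}

# stapdev_missing_stapusr [GROUPFILE]: print stapdev members that are
# not also listed in stapusr (the accounts the message says must be
# added to stapusr after the update).
stapdev_missing_stapusr() {
    gf="${1:-/etc/group}"
    usr_members=$(group_members stapusr "$gf")
    for u in $(group_members stapdev "$gf"); do
        printf '%s\n' "$usr_members" | grep -qxF -- "$u" || printf '%s\n' "$u"
    done
}

# Report for this host, using the path named in the message.
if has_setuid /usr/bin/staprun; then
    echo "staprun is setuid: install the update, or chmod u-s /usr/bin/staprun"
fi
stapdev_missing_stapusr | sed 's/^/stapdev member not in stapusr: /'
```
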