From: "Frank Ch. Eigler" <fche-AT-redhat.com>
Subject: important systemtap security fix
Date: Wed, 17 Nov 2010 10:11:07 -0500

Hi -

On Monday, Tavis Ormandy kindly let us know of two serious problems in the setuid-root /usr/bin/staprun program. These have now been patched in the git repo, and updates are being released for RHEL and Fedora. Until you install the patches, one workaround would be to remove the setuid bits from staprun (chmod u-s /usr/bin/staprun), and operate it only as root.

After the patches, the main end-user difference will be that current non-root 'stapdev' users (who are root-equivalent in systemtap powers) would also have to be added to the 'stapusr' (limited-privilege powers) group.

We are sorry for the inconvenience.

https://bugzilla.redhat.com/show_bug.cgi?id=653606
https://bugzilla.redhat.com/show_bug.cgi?id=653604

- FChE
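
A quick audit for the two points in the message above, as an added example that is not part of the original post or of systemtap: it reports whether staprun still carries the setuid bit and which stapdev members are not yet in stapusr. The function names are hypothetical, and it assumes group membership is listed in the flat group file (members supplied by LDAP/SSSD or through a primary GID are not seen).

```shell
#!/bin/sh
# Added example: audit helpers for the staprun advisory above.
# Function names are hypothetical; paths default to the ones in the message.

# has_setuid FILE: succeed if FILE carries the setuid bit.
has_setuid() {
    [ -u "$1" ]
}

# group_members GROUP [GROUPFILE]: print the members listed for GROUP,
# one per line, from a group(5)-format file (default /etc/group).
group_members() {
    awk -F: -v g="$1" '
        $1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "${2:-/etc/group}"
}

# missing_from_stapusr [GROUPFILE]: print stapdev members that are not
# also listed in stapusr (they need adding once the patches are installed).
missing_from_stapusr() {
    gf="${1:-/etc/group}"
    for u in $(group_members stapdev "$gf"); do
        group_members stapusr "$gf" | grep -Fqx -- "$u" || echo "$u"
    done
}

# audit_staprun [BINARY] [GROUPFILE]: print a short report; always returns 0.
audit_staprun() {
    bin="${1:-/usr/bin/staprun}"
    gf="${2:-/etc/group}"
    if [ ! -e "$bin" ]; then
        echo "$bin: not installed"
    elif has_setuid "$bin"; then
        echo "$bin: setuid bit set (workaround until patched: chmod u-s $bin)"
    else
        echo "$bin: setuid bit not set"
    fi
    [ -r "$gf" ] || return 0
    for u in $(missing_from_stapusr "$gf"); do
        echo "stapdev member $u is not in stapusr"
    done
}

audit_staprun "$@"
```

On hosts that resolve groups through NSS, the output of `getent group` saved to a file can be passed as the second argument.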