diff options
| author | Dave Brolley <brolley@redhat.com> | 2009-09-14 15:46:34 -0400 |
|---|---|---|
| committer | Dave Brolley <brolley@redhat.com> | 2009-09-14 15:46:34 -0400 |
| commit | 20ab90b5217b3e294cef1f845bc9a794b365a983 (patch) | |
| tree | 232b4b6b2504bb7c55a5b6a167fdf053f5d93605 | |
| parent | b9c1510ee2ef5283d7faafad4e82a4bb933d9e29 (diff) | |
| download | systemtap-steved-20ab90b5217b3e294cef1f845bc9a794b365a983.tar.gz systemtap-steved-20ab90b5217b3e294cef1f845bc9a794b365a983.tar.xz systemtap-steved-20ab90b5217b3e294cef1f845bc9a794b365a983.zip | |
Authorize new certificates created for servers started by root as authorized signers.
Update NEWS with the latest usage infor for --unprivileged.
| -rw-r--r-- | NEWS | 18 | ||||
| -rwxr-xr-x | stap-serverd | 5 |
2 files changed, 17 insertions, 6 deletions
@@ -39,17 +39,23 @@ - Using the --unprivileged option on stap enables translation-time checking for use by unprivileged users (see restrictions below). - All modules deemed suitable for use by unprivileged users will be signed - by stap (see module signing in release 0.9.8 below). - - Modules signed by trusted users and verified by staprun will be loaded by + by stap-server (see module signing in release 0.9.8 and stap-server in + release 0.9 below). + - Modules signed by trusted signers and verified by staprun will be loaded by staprun regardless of the user's privilege level. - - The system administrator asserts the trustworthiness of a user by running + - The system administrator asserts the trustworthiness of a signer by running stap-authorize-signing-cert <cert-file> as root, where <cert-file> can - be found in ~<user>/.systemtap/ssl/server/stap.cert. + be found in ~<user>/.systemtap/ssl/server/stap.cert for servers started by + ordinary users and in $sysconfdir/systemtap/ssl/server/stap.cert for servers + started by root. + - Servers started by root are automatically authorized as trusted signers on + the local host. - Restrictions are intentionally strict at this time and will be relaxed in the future: - probe points are restricted to: - begin, begin(n), end, end(n), error(n), never, - timer.{jiffies,s,sec,ms,msec,us,usec,ns,nsec}(n)*, timer.hz(n) + begin, begin(n), end, end(n), error, error(n), never, + timer.{jiffies,s,sec,ms,msec,us,usec,ns,nsec}(n)*, timer.hz(n), + process.* (for processes owned by the user). - embedded C code is not allowed. - use of tapset functions using embedded C code is restricted. - accessing the kernel memory space is not allowed. diff --git a/stap-serverd b/stap-serverd index 4eee8c38..5b05a819 100755 --- a/stap-serverd +++ b/stap-serverd @@ -56,6 +56,11 @@ function initialization { -x `which ${stap_exec_prefix}stap-client`; then ${stap_exec_prefix}stap-authorize-server-cert $ssl_db/$stap_certfile fi + # If we are root, then add the server's certificate as a trusted + # signer. + if test $EUID = 0; then + ${stap_exec_prefix}stap-authorize-signing-cert $ssl_db/$stap_certfile + fi elif ! test -f $stap_ssl_db/client/cert8.db; then # If the client's database does not exist, then initialize it with our certificate. # Do this only if the client has been installed. |