diff options
| author | Dave Brolley <brolley@redhat.com> | 2010-02-02 08:28:16 -0500 |
|---|---|---|
| committer | Dave Brolley <brolley@redhat.com> | 2010-02-02 08:28:16 -0500 |
| commit | 743757687f9c09bf9ef84b576bc0aa0fc19dea4c (patch) | |
| tree | be77bd3f7d03be09774a25f7260182941e99907a /README.security | |
| parent | 241443ad36a5a2cacb9e8e6f12f808d304835f2a (diff) | |
| parent | cc57beca8d9d168ef42edb1f8b43f594105dfdf2 (diff) | |
| download | systemtap-steved-743757687f9c09bf9ef84b576bc0aa0fc19dea4c.tar.gz systemtap-steved-743757687f9c09bf9ef84b576bc0aa0fc19dea4c.tar.xz systemtap-steved-743757687f9c09bf9ef84b576bc0aa0fc19dea4c.zip | |
Merge branch 'master' of ssh://sources.redhat.com/git/systemtap
Diffstat (limited to 'README.security')
| -rw-r--r-- | README.security | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/README.security b/README.security index 323840f6..4f649d5d 100644 --- a/README.security +++ b/README.security @@ -71,7 +71,7 @@ the permissions should be 755, like this: drwxr-xr-x 2 root root 4096 2007-08-07 13:54 systemtap/ 2) More permissive usage. If all systemtap developers should be able -to add "approved" systemtap modules to /lib/modules/VERSION/system, +to add "approved" systemtap modules to /lib/modules/VERSION/systemtap, its permissions should be 775 (and be owned by root, group stapdev), like this: @@ -108,6 +108,6 @@ permitted to have. In addition, the effective set of capabilities, the capabilities from the permitted set that are currently enabled, is cleared. When needed, a particular capability is enabled, the operation is performed, then the capability is disabled. The staprun -program was designed this way to prevent several classes of security +program was designed in this way to prevent several classes of security attacks. Security is also heightened by the fact that the only external program that staprun executes is stapio. |