path: root/stap.1.in
Diffstat (limited to 'stap.1.in')
-rw-r--r-- stap.1.in 43
1 files changed, 33 insertions, 10 deletions
diff --git a/stap.1.in b/stap.1.in
index a68a030b..85ff8266 100644
--- a/stap.1.in
+++ b/stap.1.in
@@ -754,7 +754,9 @@ Any run-time error encountered by the probe handlers, such as running
out of memory, division by zero, exceeding nesting or runtime limits,
results in a soft error indication. Soft errors in excess of
MAXERRORS block of all subsequent probes, and terminate the session.
-Finally, staprun unloads the module, and cleans up.
+Finally,
+.I staprun
+unloads the module, and cleans up.
.SH EXAMPLES
See the
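Review bot: Style point on the new ".I staprun" line: the rest of the page, including the unchanged lines in the next hunk, marks the same program name with ".IR staprun", so the page now mixes two macros for one term. Pick one form for single-word italics and use it throughout. Separately, the context line just above still reads "MAXERRORS block of all subsequent probes"; since this paragraph is being touched anyway, that is a good moment to fix the wording.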
@@ -773,20 +775,42 @@ directory, which may be periodically cleaned/erased by the user.
.SH SAFETY AND SECURITY
Systemtap is an administrative tool. It exposes kernel internal data
-structures and potentially private user information. It acquires root
-privileges to actually run the kernel objects it builds using the
-.IR sudo
-command applied to the
+structures and potentially private user information.
+It acquires
+either root privileges
+
+To actually run the kernel objects it builds, a user must be one of
+the following:
+.IP \(bu 4
+the root user;
+.IP \(bu 4
+a member of the
+.I stapdev
+group; or
+.IP \(bu 4
+a member of the
+.I stapusr
+group. Members of the
+.I stapusr
+group can only use modules located in
+the /lib/modules/VERSION/systemtap directory. This directory
+must be owned by root and not be world writable.
+.PP
+The kernel modules generated by
+.I stap
+program are run by the
.IR staprun
program. The latter is a part of the Systemtap package, dedicated to
module loading and unloading (but only in the white zone), and
kernel-to-user data transfer. Since
.IR staprun
does not perform any additional security checks on the kernel objects
-it is given, it would be unwise for a system administrator to give
-even targeted
-.IR sudo
-privileges to untrusted users.
+it is given, it would be unwise for a system administrator to add
+untrusted users to the
+.I stapdev
+or
+.I stapusr
+groups.
.PP
The translator asserts certain safety constraints. It aims to ensure
that no handler routine can run for very long, allocate memory,
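Review bot: The added lines "It acquires" / "either root privileges" followed by an empty line leave an unfinished sentence at the top of SAFETY AND SECURITY; it looks like a leftover from the old sudo wording. Drop those three lines so the section goes from "potentially private user information." straight to "To actually run the kernel objects it builds, a user must be one of the following:", and use .PP rather than a bare blank line for the paragraph break. Two further points in the same hunk. First, the retained sentence saying staprun "does not perform any additional security checks on the kernel objects it is given" now sits next to new text saying stapusr members can only use modules from a root-owned, non-world-writable directory, which is itself a check; please spell out what is and is not verified (location and directory ownership versus module contents) so administrators can judge what stapusr membership actually grants. Second, "must be owned by root and not be world writable" says nothing about group write permission on /lib/modules/VERSION/systemtap; state whether group-writable is acceptable. Minor: "generated by .I stap program" is missing "the".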
@@ -897,7 +921,6 @@ unloading.
.IR stapex (5),
.IR lket (5),
.IR awk (1),
-.IR sudo (8),
.IR gdb (1)
.SH BUGS