Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.
1.219. systemtap
1.219.1. RHSA-2009:0373: Moderate security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:0373
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
SystemTap is an instrumentation infrastructure for systems running version 2.6 of the Linux kernel. SystemTap scripts can collect system operations data, greatly simplifying information gathering. Collected data can then assist in performance measuring, functional testing, and performance and function problem diagnosis.
A race condition was discovered in SystemTap that could allow users in the stapusr group to elevate privileges to that of members of the stapdev group (and hence root), bypassing directory confinement restrictions and allowing them to insert arbitrary SystemTap kernel modules. (CVE-2009-0784)
Note: This issue was only exploitable if another SystemTap kernel module was placed in the "systemtap/" module directory for the currently running kernel.
Red Hat would like to thank Erik Sjölund for reporting this issue.
SystemTap users should upgrade to these updated packages, which contain a backported patch to correct this issue.
1.219.2. RHBA-2009:1313: bug fix and enhancement update
Updated
systemtap packages that fix various bugs, enhance user-space probing, improve support for debuginfo-less operations and apply several other enhancements are now available.
SystemTap provides an instrumentation infrastructure for systems running the Linux 2.6 kernel. It allows users to write scripts that probe and trace system events for monitoring and profiling purposes. SystemTap's framework allows users to investigate and monitor a wide variety of wide variety of kernel functions, system calls, and other events that occur in both kernel-space and user-space.
With this update, SystemTap is now re-based on upstream version 0.9.7. This applies several enhancements and bug fixes, namely:
- On-file flight recording is now supported. This allows
stapto run in the background and record huge trace log information on the disk, rather than just to memory. (BZ#438737) - Kernel tracepoints are now supported for probing predefined kernel events without any debuginfo information. Tracepoints incur less overhead than kprobes, and context parameters are available with full type information. For a list of available, supported tracepoints, run the command
stap -L 'kernel.trace("*")'. (BZ#475456 and BZ#498040) - A SystemTap initscript is now included with this release, and is provided by the package
systemtap-initscript. This initscript allows users to run SystemTap scripts as system services (in flight recorder mode) and control those scripts individually. For more information, refer to/usr/share/doc/systemtap-initscript-<version>/README.initscript. (BZ#474906 and BZ#481705) - This update resolves a ref-count problem that prevented uprobes from properly disposing the uprobe_process struct on exec while there are outstanding uretprobe instances. In addition, a bug that caused utrace to incorrectly report events-in-progress to a recently-created engine is now fixed as well. These fixes address several uretprobe bugs that could cause the system to hang in previous releases. (BZ#478711)
- SystemTap log rotation is now supported. With this, a running SystemTap script can switch to a different log file during on-file flight recording without stopping. Users can specify a time or log file size that triggers a log rotation, helping ensure that a SystemTap script never stops recording information. (BZ#481704)
stapprep.shis a script documented in the SystemTap Beginner's Guide, used to determine and download (when able) the kernel information packages needed to run SystemTap. This script is now included by default in the systemtap package as the commandstap-prep. (BZ#485498)- When
stappassed a kill signal to its children, it was possible for that signal to be sent to all other processes in the same process group. This could include processes other than its children. This was because SystemTap usedsystem()to manipulate process groups. With this update, SystemTap now usesstap_system()instead ofsystem(); this allowsstapto save the process ID of all its children, ensuring thatstaponly sends signals to its children. (BZ#494462) - Probes that used
insnprobe points failed. While the upstream version of SystemTap fully supports the use ofinsnprobe points, the kernel and utrace versions used by Red Hat Enterprise Linux 5 did not define the required macrosarch_has_single_step()andarch_has_block_step(). With this release, SystemTap defines these macros during compile time wheneverinsnprobe points are used. (BZ#498018) - The
systemtap-testsuitepackage contained test cases (systemtap.base/bz10078.stp,buildko/two.stp, andbuildok/thirty.stp) that were incorrectly configured as "executable". Any test runs involving these cases failed unexpectedly. This release fixes the permissions for all test cases provided by thesystemtap-testsuitepackage. (BZ#499657) - The
context.stptapset now contains a definition for thetask_pt_regs()macro, which is required to compile some types of SystemTap scripts on the PowerPC platform. (BZ#499688) - Compiling any program that used static dynamic trace markers for the
STAP_PROBEorDTRACE_PROBEmacros on the PowerPC platform resulted in an error. This was caused by an incorrectif/elsestatement in thesdt.hheadr file, did not define PowePC as required; as such, thesdt.hheader file supplied an incorrect macro definition forSTAP_NOP. With this update,sdt.hnow provides the correct macro definition forSTAP_NOPon the PowerPC platform. (BZ#501795) - A bug in the implementation of kernel return probe trampolines made it possible for some stack tracebacks to go undetected. Whenever this occurred, the stack unwinder would not be executed, resulting in a garbled stack. With this release, the code for detecting the kernel return probe trampoline is now fixed, ensuring that all stack tracebacks are dealt with accordingly. In addition, this release also uses the kernel DWARF unwinder automatically in the event of stack tracebacks. (BZ#503225)
- A bug in
runtime/task_finder.cmade it possible for some processes to hold a semaphore while performing a memory map callback. Whenever this occurred, some tasks would become deadlocked if they were probed by user-space probes. This update fixes the bug, ensuring that memory map callbacks are safe and do not cause deadlocks. (BZ#504007)
SystemTap is no longer a technology preview, and now has production support. Red Hat recommendeds that users run scripts on development machines before deployment in production environments. Since SystemTap is an optional diagnostic tool, users can easily stop using it in the event of a problem. Options such as
-g for Guru mode, and -D* allow users to disable several security checks. Scripts using these options may not be supported.
Red Hat plans to fix problems in SystemTap, or the Linux kernel, as they arise in connection with new scripts. In some cases, a fix may include extending the blacklist for known areas of the Linux kernel that are unsafe to probe. All scripts that use probes targeting blacklisted areas will need to be revised.
SystemTap users are advised to upgrade to this version.
