Tracing with DTrace, when custom probe provider is running as regular user
Alexander Leidinger
Alexander at leidinger.net
Fri Apr 13 08:45:58 UTC 2018
Quoting Matthew Seaman <matthew at freebsd.org> (from Mon, 9 Apr 2018
11:30:10 +0100):
> On 09/04/2018 11:01, Daniel Dettlaff wrote:
>> Issue is critical for tracing Postgresql which demands to run with
>> NON privileged user, but in general launching any server software as root
>> should be considered to be "harmful" / "a bad idea" right?
>
> The issue with allowing non-privileged users access to dtrace is the
> risk of disclosing kernel memory. Unfortunately blocking this
> access means that using the UserSDT's from (for example)
> postgresql-server running as the postgres user is not permitted.
If I understand it right, the original poster was also not able to
trace a non-root process with root-dtrace.
What's the reason for this?
Bye,
Alexander.
--
http://www.Leidinger.net Alexander at Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netchild at FreeBSD.org : PGP 0x8F31830F9F2772BF
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: Digitale PGP-Signatur
URL: <http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20180413/b981665e/attachment.sig>
More information about the freebsd-hackers
mailing list