[Bug 483543] Review Request: systemtapguiserver

bugzilla at redhat.com bugzilla at redhat.com
Wed Apr 1 15:21:00 UTC 2009 

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.


https://bugzilla.redhat.com/show_bug.cgi?id=483543





--- Comment #15 from Anithra <anithra at linux.vnet.ibm.com>  2009-04-01 11:20:58 EDT ---
(In reply to comment #14)
> It would be
> much better if people could run it as normal user for the case where the
> eclipse and the server are run by the same user.

I agree that users could be apprehensive about running the app as root and this
is one of the issues that we are looking to fix soon. eclipse and the server in
most cases may not be run by the same user as the server could be on a
different machine. The server minimally needs to be run as root or users of
group stapdev/stapusr to be able to run systemtap scripts, although the current
code mandates that the server is run as root. 

> There are a couple questionable cases in 
> datamanager.cpp:DataManager::execStap():
> 
> case (SHELL): allows executing arbitary script (as root this seems like a bad
> idea). what would prevent someone from using this to just connect and run
> arbitrary commands.
> 
> cases (BLUEDYE): mentions a package (Bluedye) that doesn't appear to be
> available in fedora

The server was designed to be able to run any script(not just systemtap) and
hence the above cases. This part of the code is there for future expansion.
Currently these cases are never true  and so there is no chance of arbitrary
commands being run.

> 
> Why scp the file to the server machine? why not send it to the stapgui-server
> with the command and run with stap -e 'script...'? Currently, the plugin stores

I had some problems with protocol management due to the variable length of the
script. It might be better to transfer as part of the command through the
socket connection and remove one step from the setup. Will redesign in
subsequent releases. 

> the password in plantext in a possibly world readable file. Also the current
> checks in the plugin do not seem to notice if the transfer failed (due to
> missing password).
>

You should have got an error message saying "File transferred failed". Will
look into it

> The compile server does compile code, but it doesn't perform the other aspects
> of systemtapgui server such as execute the script and collect stdout/stderr.
> Could systemtapgui be stripped down just to use staprun to run a compiled
> script? Make it possible to run systemtap scripts on stripped down machines.
> This would be useful for cases of running code on compute nodes in a cluster.  

This is one feature we are looking at in future releases of the client.
Possibly by the end of the year. We are exploring the option of using the
compile-server for compilation, and systemtapguiserver for execution. 

Thanks for the review. Can we treat the code changes/bug fixes as upstream
issues so that this review is not blocked?.

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the Fedora-package-review mailing list