From: Daniel H. <dan...@li...> - 2008-04-08 08:18:23
|
Hi, the last big TODO item is to change the current JIT dump file conversion process. The current state converting the JIT dump files with root privileges is not secure and not recommended. The decision was to change that processing to use a special user account called 'opjit' with the special group 'opjit'. The change is done in 2 steps: 1. Separation of the conversion process. 2. Implementation of using the new special user account to convert the dump files. Please review my patches and give comments on them. Thanks in advance. Kind regards, Daniel |
From: Daniel H. <dan...@li...> - 2008-04-08 08:18:34
Attachments:
conv_separation.patch
|
Here is the patch to separate the conversion functionality in its own module. That is useful to separate the code handling potentially insecure data from the rest of the code. Kind regards, Daniel |
From: Daniel H. <dan...@li...> - 2008-04-08 08:18:42
Attachments:
use_special_user.patch
|
Here is the second patch to introduce the usage of the special user account 'opjit' to do the conversion of the JIT dump files. A check in the makefile is included to warn if the user account is not created yet. The idea was to only check if the special user account exists because there are many system environments where users who would use Oprofile are not allowed to create user account by themselves. Therefore the build process should not create that user account automatically. Kind regards, Daniel |