Emergency security band-aids with Systemtap

Here's an article on the Red Hat security blog on the use of Systemtap to apply emergency security fixes. "With the vulnerability-band-aid approach chosen, we need to express our intent in the systemtap scripting language. The model is simple: for each place where the state change is to be done we place a probe. In each probe handler, we detect whether the context indicates an exploit is in progress and, if so, make changes to the context. We might also need additional probes to detect and capture state from before the vulnerable section of code, for diagnostic purposes."