On Mon, 18 Apr 2022 13:22:51 +0300 Tzvetomir Stoyanov <tz.stoyanov@xxxxxxxxx> wrote: > On Mon, Apr 18, 2022 at 11:28 AM Steven Rostedt <rostedt@xxxxxxxxxxx> wrote: > > > > From: "Steven Rostedt (Google)" <rostedt@xxxxxxxxxxx> > > > > Add a -N option to trace-cmd agent to listen on a network socket that > > can be used by trace-cmd record -A to connect with. > > > > I have concerns about exposing the agent over the network, without any > client authentication. It runs with root privileges, the kernel > tracing data will be exposed to anyone over the network. At least, > this should be written clearly in the documentation and even should be > printed by "trace-cmd agent -N ...". I saw your patch that adds a name > or IP address of the client as parameter, it is some security, but the > tracing data itself still flows unencrypted over the network and could > be visible to anyone. True. But it's similar to telnet. The use case for this option is for local networks where you expect to "trust" the network. I'm fine with adding more warnings and stating that this is "NOT SECURE" in big letters to let people know the dangers of it. I'm hoping to have more authentication in the future. I could even have it print a warning "UNSECURE CONNECTION" or something to enforce that this is not something you want to use in any scenario. -- Steve
|