On Fri, Mar 13, 2020 at 7:59 AM Cristian Spinetta <[email protected]> wrote:
>
> Hi all!
>
> I am curious about whether it is safe to enable root access to BCC scripts on
> production machines.
> In my company, each team has access to their instances via ssh, and we are
> thinking to allow them to use bcc in production. For this purpose we need to
> allow root access to any BCC tool. Do you think it would be safe? For
> example, is there some tool that can receive a command to execute? In that
> case it would be unsafe because someone could execute any command through a
> bcc tool.
>
> e.g.:
> sudo /usr/share/bcc/tools/some-great-tool.sh dd if=/dev/zero of=/dev/sda
> bs=512 count=1 conv=notrunc

  ^^^^ sudo isn't safe. If you remove the BCC tool from this one-liner,
you'll find it still destroys your disk.

In practice the production concern I have is for the overhead of each
tool, hence the overhead section in each tool's man page.

Brendan

>
> Best,
> Cristian Spinetta
>
