Allow process begin/end probes for unprivileged users.

2009-09-03  Dave Brolley  <brolley@redhat.com>

        * tapsets.cxx (visit_cast_op): Don't disallow unprivileged users.
        Annotate synthesized function with /* unprivileged */.
        * tapset-utrace.cxx (register_tapset_utrace): Call allow_unprivileged
        for process begin and end probes.
        * translate.cxx (translate_pass): Generate '#define STP_PRIVILEGED 1'
        unless --unprivileged was specified.
        * runtime/transport/transport.c: Don't define _stp_unprivileged_user.
        * runtime/task_finder.c (__stp_utrace_attach_match_filename): Check
        that _stp_uid equals the task euid when STP_PRIVILEGED is not defined.
        (stap_start_task_finder): Likewise.
        * runtime/staprun/staprun.c (insert_stap_module): Don't generate
        module option _stp_unprivileged_user.

6 files changed, 42 insertions, 22 deletions

diff --git a/runtime/staprun/staprun.c b/runtime/staprun/staprun.c
index 7eb7f28f..da3e304b 100644
--- a/runtime/staprun/staprun.c
+++ b/runtime/staprun/staprun.c
@@ -145,19 +145,11 @@ static int enable_uprobes(void)
 static int insert_stap_module(void)
 {
 	char special_options[128];
-	char *bufptr = special_options;
 
 	/* Add the _stp_bufsize option.  */
-	if (snprintf_chk(bufptr, sizeof (special_options), "_stp_bufsize=%d", buffer_size))
+	if (snprintf_chk(special_options, sizeof (special_options), "_stp_bufsize=%d", buffer_size))
 		return -1;
 
-	/* Add the _stp_unprivileged_user option.  */
-	bufptr += strlen (bufptr);
-	if (snprintf_chk(bufptr,
-			 sizeof (special_options) - (bufptr - special_options),
-			 " _stp_unprivileged_user=%d", unprivileged_user))
-	  return -1;
-
 	return insert_module(modpath, special_options, modoptions);
 }
 
diff --git a/runtime/task_finder.c b/runtime/task_finder.c
index ca807020..fb6dc20d 100644
--- a/runtime/task_finder.c
+++ b/runtime/task_finder.c
@@ -753,6 +753,18 @@ __stp_utrace_attach_match_filename(struct task_struct *tsk,
 		/* Notice that "pid == 0" (which means to probe all
 		 * threads) falls through. */
 
+#ifndef STP_PRIVILEGED
+		/* Make sure unprivileged users only probe their own threads. */
+		if (_stp_uid != tsk->euid) {
+			if (tgt->pid != 0) {
+				_stp_warn("Process %d does not belong to unprivileged user %d",
+					  tsk->pid, _stp_uid);
+			}
+			continue;
+		}
+#endif
+
+
 		// Set up events we need for attached tasks. When
 		// register_p is set, we won't actually call the
 		// callbacks here - we'll call it when the thread gets
@@ -1414,6 +1426,17 @@ stap_start_task_finder(void)
 			/* Notice that "pid == 0" (which means to
 			 * probe all threads) falls through. */
 
+#ifndef STP_PRIVILEGED
+			/* Make sure unprivileged users only probe their own threads.  */
+			if (_stp_uid != tsk->euid) {
+				if (tgt->pid != 0) {
+					_stp_warn("Process %d does not belong to unprivileged user %d",
+						  tsk->pid, _stp_uid);
+				}
+				continue;
+			}
+#endif
+
 			// Set up events we need for attached tasks.
 			rc = __stp_utrace_attach(tsk, &tgt->ops, tgt,
 						 __STP_ATTACHED_TASK_EVENTS,
diff --git a/runtime/transport/transport.c b/runtime/transport/transport.c
index ec73f05f..1d029e53 100644
--- a/runtime/transport/transport.c
+++ b/runtime/transport/transport.c
@@ -59,10 +59,6 @@ static int _stp_bufsize;
 module_param(_stp_bufsize, int, 0);
 MODULE_PARM_DESC(_stp_bufsize, "buffer size");
 
-static int _stp_unprivileged_user;
-module_param(_stp_unprivileged_user, int, 1);
-MODULE_PARM_DESC(_stp_unprivileged_user, "user is unprivileged");
-
 /* forward declarations */
 static void probe_exit(void);
 static int probe_start(void);
diff --git a/tapset-utrace.cxx b/tapset-utrace.cxx
index 6872c87c..d9d95f82 100644
--- a/tapset-utrace.cxx
+++ b/tapset-utrace.cxx
@@ -1033,12 +1033,20 @@ register_tapset_utrace(systemtap_session& s)
 
   for (unsigned i = 0; i < roots.size(); ++i)
     {
-      roots[i]->bind(TOK_BEGIN)->bind(builder);
-      roots[i]->bind(TOK_END)->bind(builder);
-      roots[i]->bind(TOK_THREAD)->bind(TOK_BEGIN)->bind(builder);
-      roots[i]->bind(TOK_THREAD)->bind(TOK_END)->bind(builder);
-      roots[i]->bind(TOK_SYSCALL)->bind(builder);
-      roots[i]->bind(TOK_SYSCALL)->bind(TOK_RETURN)->bind(builder);
+      roots[i]->bind(TOK_BEGIN)
+	->allow_unprivileged()
+	->bind(builder);
+      roots[i]->bind(TOK_END)
+	->allow_unprivileged()
+	->bind(builder);
+      roots[i]->bind(TOK_THREAD)->bind(TOK_BEGIN)
+	->bind(builder);
+      roots[i]->bind(TOK_THREAD)->bind(TOK_END)
+	->bind(builder);
+      roots[i]->bind(TOK_SYSCALL)
+	->bind(builder);
+      roots[i]->bind(TOK_SYSCALL)->bind(TOK_RETURN)
+	->bind(builder);
     }
 }
 
diff --git a/tapsets.cxx b/tapsets.cxx
index fccb73c8..6a52050c 100644
--- a/tapsets.cxx
+++ b/tapsets.cxx
@@ -2510,9 +2510,6 @@ void dwarf_cast_expanding_visitor::filter_special_modules(string& module)
 
 void dwarf_cast_expanding_visitor::visit_cast_op (cast_op* e)
 {
-  if (s.unprivileged)
-    throw semantic_error("typecasting may not be used when --unprivileged is specified", e->tok);
-
   bool lvalue = is_active_lvalue(e);
   if (lvalue && !s.guru_mode)
     throw semantic_error("write to typecast value not permitted", e->tok);
@@ -2618,6 +2615,8 @@ void dwarf_cast_expanding_visitor::visit_cast_op (cast_op* e)
   else
     ec->code += "/* pure */";
 
+  ec->code += "/* unprivileged */";
+
   s.functions[fdecl->name] = fdecl;
 
   // Synthesize a functioncall.
diff --git a/translate.cxx b/translate.cxx
index 65acd2ca..c0f7b48b 100644
--- a/translate.cxx
+++ b/translate.cxx
@@ -5210,6 +5210,8 @@ translate_pass (systemtap_session& s)
       if (ri.recursive) nesting += 10;
 
       // This is at the very top of the file.
+      if (! s.unprivileged)
+	s.op->newline() << "#define STP_PRIVILEGED 1";
       s.op->newline() << "#ifndef MAXNESTING";
       s.op->newline() << "#define MAXNESTING " << nesting;
       s.op->newline() << "#endif";