author | Dave Brolley <brolley@redhat.com> | 2009-11-12 10:23:59 -0500 |
---|---|---|
committer | Dave Brolley <brolley@redhat.com> | 2009-11-12 10:23:59 -0500 |
commit | 3e6b1e441a3a9ac6d8232265caa358b4b6ad00bf (patch) | |
tree | 5d9af84059faaaacfc23e2513de21386bfc7c0a6 | |
parent | 56cfcfc6e4a93b62681926f6eb06339f4e38ac84 (diff) | |
Relax restrictions on ownership and access permissions of signer's cert database.
-rw-r--r-- | modsign.cxx | 7 | ||||
-rw-r--r-- | runtime/staprun/staprun_funcs.c | 1 |
2 files changed, 8 insertions, 0 deletions
diff --git a/modsign.cxx b/modsign.cxx
index a73386e3..1fc4ef32 100644
--- a/modsign.cxx
+++ b/modsign.cxx
@@ -69,6 +69,7 @@ check_cert_file_permissions (
 rc = 1; // ok
+#if 0 // these checks are probably overkill
 // We must be the owner of the file.
 if (info.st_uid != euid)
 {
@@ -111,6 +112,8 @@ check_cert_file_permissions (
 cerr << "Certificate file " << cert_file << " must not be executable by others" << "." << endl;
 rc = 0;
 }
+#endif // these checks are probably overkill
+
 return rc;
 }
@@ -141,6 +144,7 @@ check_db_file_permissions (
 rc = 1; // ok
+#if 0 // these checks are probably overkill
 // We must be the owner of the file.
 if (info.st_uid != euid)
 {
@@ -189,6 +193,7 @@ check_db_file_permissions (
 cerr << "Certificate database file " << cert_db_file << " must not be executable by others" << "." << endl;
 rc = 0;
 }
+#endif // these checks are probably overkill
 return rc;
 }
@@ -220,6 +225,7 @@ check_cert_db_permissions (const string &cert_db_path) {
 // We must be the owner of the database.
 euid = geteuid ();
 pw = getpwuid (euid);
+#if 0 // these checks are probably overkill
 if (! pw)
 {
 cerr << "Unable to obtain current user information which checking certificate database "
@@ -259,6 +265,7 @@ check_cert_db_permissions (const string &cert_db_path) {
 }
 if ((info.st_mode & S_IXOTH) == 0)
 cerr << "Certificate database " << cert_db_path << " should be searchable by others" << "." << endl;
+#endif // these checks are probably overkill
 // Now check the permissions of the critical files.
 rc &= check_db_file_permissions (cert_db_path + "/cert8.db", euid, pw);
diff --git a/runtime/staprun/staprun_funcs.c b/runtime/staprun/staprun_funcs.c
index 4e6b9189..4df1992c 100644
--- a/runtime/staprun/staprun_funcs.c
+++ b/runtime/staprun/staprun_funcs.c
@@ -533,5 +533,6 @@ void assert_uprobes_module_permissions(
 err("run '" BINDIR "/stap-authorize-signing-cert %s' as root\n",
 SYSCONFDIR "/systemtap/ssl/server/stap.cert");
 }
+ exit(-1);
 #endif
 }
 |
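Review bot: The `#if 0` added after `rc = 1; // ok` in check_cert_file_permissions, closed by the `#endif` before `return rc;`, makes the function report success for every file that reaches this point, so the owner test `info.st_uid != euid` and the mode tests ending in "must not be executable by others" are no longer enforced; check_db_file_permissions is disabled the same way in the hunks at -141 and -189. The title says the restrictions are relaxed, but as written nothing between the markers is checked at all, so a signer's database file owned or modifiable by another account would pass silently. If only some tests are too strict, keeping the owner test (and any write-permission tests in the part of the range not shown) and downgrading the rest to warnings that leave `rc` at 1 would match the title better than compiling the block out. If the block must stay disabled, a comment such as `// Disabled: ownership and mode of this file are NOT verified here` would say what the function no longer guarantees. Both function bodies begin and end outside these hunks.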
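Review bot: The `#if 0` placed directly after `pw = getpwuid (euid);` in check_cert_db_permissions compiles out the `if (! pw)` test, while `pw` is still passed on in `rc &= check_db_file_permissions (cert_db_path + "/cert8.db", euid, pw);` after the `#endif` in the hunk at -259. That is harmless only while the callee's own checks stay disabled; re-enabling them without this block would hand a possibly null `pw` to code that may dereference it. Moving the marker below the end of the `if (! pw)` block, which lies outside the hunk, keeps the null test active and removes that coupling. The disabled range also spans lines not shown between the two hunks, so it is worth confirming that nothing the later `rc &=` relies on is assigned inside it.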
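Review bot: The added `exit(-1);` follows the closing brace of the block that prints the `stap-authorize-signing-cert` hint and sits directly before `#endif`, so the visible lines do not show which condition guards it; the enclosing statement starts outside the hunk. If it is at the top level of the conditional section, every call that reaches this point terminates the program, which should be confirmed as intended and stated in a comment such as `/* module not permitted: do not continue */`. The status `-1` reaches the parent as 255, so `exit(1)` or `EXIT_FAILURE` would state the intent more plainly. The commit message covers only the certificate database checks and does not mention this change in behaviour.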