author | Dave Brolley <brolley@redhat.com> | 2009-06-11 11:58:55 -0400 |
---|---|---|
committer | Dave Brolley <brolley@redhat.com> | 2009-06-11 11:58:55 -0400 |
commit | b12c8986778619db5bec0a5e52f2d49247e6b5ba (patch) | |
tree | b5136adab377bb897ca7d132b1807487c19d61db | |
parent | 36b66efaae572dddcfb04e9a995ca69063d0e1ff (diff) | |
Only sign modules if --unprivileged is specified.
Don't generate an error message for unsigned modules.
Make sure module signature exists before attempting to copy to the cache.
Allow timer probes for unprivileged users.
-rw-r--r-- | buildrun.cxx | 5 | ||||
-rw-r--r-- | cache.cxx | 33 | ||||
-rw-r--r-- | runtime/staprun/modverify.c | 6 | ||||
-rw-r--r-- | runtime/staprun/staprun_funcs.c | 2 | ||||
-rw-r--r-- | tapset-been.cxx | 32 | ||||
-rw-r--r-- | tapset-timers.cxx | 91 | ||||
-rw-r--r-- | translate.cxx | 33 | ||||
-rw-r--r-- | translate.h | 3 | ||||
-rw-r--r-- | util.cxx | 24 | ||||
-rw-r--r-- | util.h | 2 |
10 files changed, 132 insertions, 99 deletions
diff --git a/buildrun.cxx b/buildrun.cxx
index 54aa5d4f..effc6cd8 100644
--- a/buildrun.cxx
+++ b/buildrun.cxx
@@ -223,11 +223,12 @@ compile_pass (systemtap_session& s)
 rc = run_make_cmd(s, make_cmd);
 #if HAVE_NSS
- // If a certificate database was specified, then try to sign the module.
+ // If a certificate database was specified, and we're in unprivileged
+ // mode, then try to sign the module.
 // Failure to do so is not a fatal error. If the signature is actually needed,
 // staprun will complain at that time.
 assert (! s.cert_db_path.empty());
- if (!rc)
+ if (s.unprivileged && ! rc)
 sign_module (s);
 #endif
@@ -79,16 +79,19 @@ add_to_cache(systemtap_session& s)
 string module_signature_src_path = module_src_path;
 module_signature_src_path += ".sgn";
- if (s.verbose > 1)
- clog << "Copying " << module_signature_src_path << " to " << module_signature_dest_path << endl;
- if (copy_file(module_signature_src_path.c_str(), module_signature_dest_path.c_str()) != 0)
+ if (file_exists (module_signature_src_path))
 {
- cerr << "Copy failed (\"" << module_signature_src_path << "\" to \""
- << module_signature_dest_path << "\"): " << strerror(errno) << endl;
- // NB: this is not so severe as to prevent reuse of the .ko
- // already copied.
- //
- // s.use_cache = false;
+ if (s.verbose > 1)
+ clog << "Copying " << module_signature_src_path << " to " << module_signature_dest_path << endl;
+ if (copy_file(module_signature_src_path.c_str(), module_signature_dest_path.c_str()) != 0)
+ {
+ cerr << "Copy failed (\"" << module_signature_src_path << "\" to \""
+ << module_signature_dest_path << "\"): " << strerror(errno) << endl;
+ // NB: this is not so severe as to prevent reuse of the .ko
+ // already copied.
+ //
+ // s.use_cache = false;
+ }
 }
 #endif /* HAVE_NSS */
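Review bot: The new condition `s.unprivileged && ! rc` changes what a module signature means, and the rewritten comment does not say so: a signature now attests that the module was translated under the --unprivileged restrictions, not merely that it was built on this host with the configured certificate database. That coupling is what staprun relies on (see the message changed in staprun_funcs.c in this same commit), so I would state it next to the check, e.g. `// Only modules built with --unprivileged are signed: staprun treats a valid signature as proof that the unprivileged-mode restrictions were applied at translation time.`. compile_pass starts and ends outside the hunk.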
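Review bot: The `file_exists` guard added around the copy in add_to_cache is a check-then-act on the filesystem, and `file_exists` (added to util.cxx in this commit) returns true for anything stat() accepts, a directory included, so it does not guarantee the copy will succeed and only relocates the failure. Attempting the copy unconditionally and treating only a missing source as the quiet case would be simpler and race-free, along the lines of `if (copy_file(module_signature_src_path.c_str(), module_signature_dest_path.c_str()) != 0 && errno != ENOENT)`, provided copy_file leaves errno set on failure, which I cannot confirm from the hunk. As written, a signature that is absent because sign_module failed in an --unprivileged build is skipped without a word even at `s.verbose > 1`; a verbose-mode message for that case would help diagnose an unsigned cache entry later. add_to_cache continues outside the hunk.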
@@ -364,18 +367,6 @@ clean_cache(systemtap_session& s)
 }
 }
-// Get the size of a file in bytes
-static size_t
-get_file_size(const string &path)
-{
- struct stat file_info;
-
- if (stat(path.c_str(), &file_info) == 0)
- return file_info.st_size;
- else
- return 0;
-}
-
 //Assign a weight for a particular file. A lower weight
 // will be removed before a higher weight.
 //TODO: for now use system mtime... later base a
diff --git a/runtime/staprun/modverify.c b/runtime/staprun/modverify.c
index b50a69f4..f4b15ac3 100644
--- a/runtime/staprun/modverify.c
+++ b/runtime/staprun/modverify.c
@@ -203,11 +203,7 @@ verify_it (const char *inputName, const char *signatureName, SECKEYPublicKey *pu
 /* Get the size of the signature file. */
 prStatus = PR_GetFileInfo (signatureName, &info);
 if (prStatus != PR_SUCCESS || info.type != PR_FILE_FILE || info.size < 0)
- {
- fprintf (stderr, "Unable to obtain information on the signature file %s.\n", signatureName);
- nssError ();
- return MODULE_UNTRUSTED; /* Not signed */
- }
+ return MODULE_UNTRUSTED; /* Not signed */
 /* Open the signature file. */
 local_file_fd = PR_Open (signatureName, PR_RDONLY, 0);
diff --git a/runtime/staprun/staprun_funcs.c b/runtime/staprun/staprun_funcs.c
index 1ebd124e..669dc996 100644
--- a/runtime/staprun/staprun_funcs.c
+++ b/runtime/staprun/staprun_funcs.c
@@ -500,7 +500,7 @@ int check_permissions(void)
 check_groups_rc = -1;
 }
 #if HAVE_NSS
- err("Alternatively, your module must be signed by a trusted signer.\n"
+ err("Alternatively, your module must be compiled using the --unprivileged option and signed by a trusted signer.\n"
 "For more information, please consult the \"SAFETY AND SECURITY\" section of the \"stap(1)\" manpage\n");
 #endif
diff --git a/tapset-been.cxx b/tapset-been.cxx
index 3f693837..99b59574 100644
--- a/tapset-been.cxx
+++ b/tapset-been.cxx
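Review bot: The collapsed branch in verify_it now returns MODULE_UNTRUSTED silently for every PR_GetFileInfo failure, not only for a missing .sgn: a permission error on the signature file, a .sgn that is not a regular file, or a negative size all become "not signed" with no diagnostic, so a signed --unprivileged module that fails for an environmental reason is indistinguishable from an unsigned one. I would keep the quiet return for the not-found case only, e.g. `if (prStatus != PR_SUCCESS && PR_GetError () == PR_FILE_NOT_FOUND_ERROR) return MODULE_UNTRUSTED; /* Not signed */` placed before the existing condition, and leave the fprintf/nssError path in place for the remaining cases. verify_it starts and ends outside the hunk.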
@@ -215,14 +215,30 @@ register_tapset_been(systemtap_session& s)
 {
 match_node* root = s.pattern_root;
- root->bind(TOK_BEGIN)->allow_unprivileged()->bind(new be_builder(BEGIN));
- root->bind_num(TOK_BEGIN)->allow_unprivileged()->bind(new be_builder(BEGIN));
- root->bind(TOK_END)->allow_unprivileged()->bind(new be_builder(END));
- root->bind_num(TOK_END)->allow_unprivileged()->bind(new be_builder(END));
- root->bind(TOK_ERROR)->allow_unprivileged()->bind(new be_builder(ERROR));
- root->bind_num(TOK_ERROR)->allow_unprivileged()->bind(new be_builder(ERROR));
-
- root->bind(TOK_NEVER)->allow_unprivileged()->bind(new never_builder());
+ root->bind(TOK_BEGIN)
+ ->allow_unprivileged()
+ ->bind(new be_builder(BEGIN));
+ root->bind_num(TOK_BEGIN)
+ ->allow_unprivileged()
+ ->bind(new be_builder(BEGIN));
+
+ root->bind(TOK_END)
+ ->allow_unprivileged()
+ ->bind(new be_builder(END));
+ root->bind_num(TOK_END)
+ ->allow_unprivileged()
+ ->bind(new be_builder(END));
+
+ root->bind(TOK_ERROR)
+ ->allow_unprivileged()
+ ->bind(new be_builder(ERROR));
+ root->bind_num(TOK_ERROR)
+ ->allow_unprivileged()
+ ->bind(new be_builder(ERROR));
+
+ root->bind(TOK_NEVER)
+ ->allow_unprivileged()
+ ->bind(new never_builder());
 }
 /* vim: set sw=2 ts=8 cino=>4,n-2,{2,^-2,t0,(0,u0,w1,M1 : */
diff --git a/tapset-timers.cxx b/tapset-timers.cxx
index 1dc0acac..565a54e8 100644
--- a/tapset-timers.cxx
+++ b/tapset-timers.cxx
@@ -593,32 +593,71 @@ register_tapset_timers(systemtap_session& s)
 root = root->bind(TOK_TIMER);
- root->bind_num("s")->bind(builder);
- root->bind_num("s")->bind_num("randomize")->bind(builder);
- root->bind_num("sec")->bind(builder);
- root->bind_num("sec")->bind_num("randomize")->bind(builder);
-
- root->bind_num("ms")->bind(builder);
- root->bind_num("ms")->bind_num("randomize")->bind(builder);
- root->bind_num("msec")->bind(builder);
- root->bind_num("msec")->bind_num("randomize")->bind(builder);
-
- root->bind_num("us")->bind(builder);
- root->bind_num("us")->bind_num("randomize")->bind(builder);
- root->bind_num("usec")->bind(builder);
- root->bind_num("usec")->bind_num("randomize")->bind(builder);
-
- root->bind_num("ns")->bind(builder);
- root->bind_num("ns")->bind_num("randomize")->bind(builder);
- root->bind_num("nsec")->bind(builder);
- root->bind_num("nsec")->bind_num("randomize")->bind(builder);
-
- root->bind_num("jiffies")->bind(builder);
- root->bind_num("jiffies")->bind_num("randomize")->bind(builder);
-
- root->bind_num("hz")->bind(builder);
-
- root->bind("profile")->bind(builder);
+ root->bind_num("s")
+ ->allow_unprivileged()
+ ->bind(builder);
+ root->bind_num("s")->bind_num("randomize")
+ ->allow_unprivileged()
+ ->bind(builder);
+ root->bind_num("sec")
+ ->allow_unprivileged()
+ ->bind(builder);
+ root->bind_num("sec")->bind_num("randomize")
+ ->allow_unprivileged()
+ ->bind(builder);
+
+ root->bind_num("ms")
+ ->allow_unprivileged()
+ ->bind(builder);
+ root->bind_num("ms")->bind_num("randomize")
+ ->allow_unprivileged()
+ ->bind(builder);
+ root->bind_num("msec")
+ ->allow_unprivileged()
+ ->bind(builder);
+ root->bind_num("msec")->bind_num("randomize")
+ ->allow_unprivileged()
+ ->bind(builder);
+
+ root->bind_num("us")
+ ->allow_unprivileged()
+ ->bind(builder);
+ root->bind_num("us")->bind_num("randomize")
+ ->allow_unprivileged()
+ ->bind(builder);
+ root->bind_num("usec")
+ ->allow_unprivileged()
+ ->bind(builder);
+ root->bind_num("usec")->bind_num("randomize")
+ ->allow_unprivileged()
+ ->bind(builder);
+
+ root->bind_num("ns")
+ ->allow_unprivileged()
+ ->bind(builder);
+ root->bind_num("ns")->bind_num("randomize")
+ ->allow_unprivileged()
+ ->bind(builder);
+ root->bind_num("nsec")
+ ->allow_unprivileged()
+ ->bind(builder);
+ root->bind_num("nsec")->bind_num("randomize")
+ ->allow_unprivileged()
+ ->bind(builder);
+
+ root->bind_num("jiffies")
+ ->allow_unprivileged()
+ ->bind(builder);
+ root->bind_num("jiffies")->bind_num("randomize")
+ ->allow_unprivileged()
+ ->bind(builder);
+
+ root->bind_num("hz")
+ ->allow_unprivileged()
+ ->bind(builder);
+
+ root->bind("profile")
+ ->bind(builder);
 }
diff --git a/translate.cxx b/translate.cxx
index 0ef790db..060013bb 100644
--- a/translate.cxx
+++ b/translate.cxx
@@ -66,7 +66,6 @@ struct c_unparser: public unparser, public visitor
 void emit_global_init (vardecl* v);
 void emit_global_param (vardecl* v);
 void emit_functionsig (functiondecl* v);
- void emit_unprivileged_user_check ();
 void emit_module_init ();
 void emit_module_exit ();
 void emit_function (functiondecl* v);
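Review bot: `timer.profile` is the one binding in the hunk left without `allow_unprivileged()`, and nothing says whether that is deliberate; a one-line comment such as `// timer.profile is intentionally not offered to --unprivileged sessions.` above it would stop a later contributor from "completing" the pattern. Separately, the interval probes are now registered for unprivileged users with whatever period the script supplies, and nothing in this hunk bounds it; if the builder (outside the hunk) does not impose a minimum, a very short `timer.ns`/`timer.jiffies` period lets an unprivileged session consume disproportionate CPU, which is exactly what the allow-list is meant to contain, so that is worth confirming before this lands. register_tapset_timers starts outside the hunk.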
@@ -1089,30 +1088,6 @@ c_unparser::emit_functionsig (functiondecl* v)
 void
-c_unparser::emit_unprivileged_user_check ()
-{
- // If the --unprivileged option was specified then the module
- // will be safe for unprivileged users, if it is successfully generated,
- // so no check need be emitted.
- if (session->unprivileged)
- return;
-
- // Otherwise, generate code to check whether the user is unprivileged.
- // If so, then generate an error and indicate that the check has failed.
- o->newline();
- o->newline() << "static int systemtap_unprivileged_user_check (void) {";
- o->newline(1) << "if (! _stp_unprivileged_user)";
- o->newline(1) << "return 0;";
-
- o->newline(-1) << "_stp_error (\"You are attempting to run stap as an ordinary user.\");";
- o->newline() << "_stp_error (\"Your module must be compiled using the --unprivileged option.\");";
- o->newline() << "return 1;";
-
- o->newline(-1) << "}\n";
-}
-
-
-void
 c_unparser::emit_module_init ()
 {
 vector<derived_probe_group*> g = all_session_groups (*session);
@@ -1156,11 +1131,6 @@ c_unparser::emit_module_init ()
 o->newline(-1) << "}";
- if (! session->unprivileged) {
- // Check whether the user is unprivileged.
- o->newline() << "if (systemtap_unprivileged_user_check ()) rc = -EINVAL;";
- }
-
 o->newline() << "if (rc) goto out;";
 // initialize gettimeofday (if needed)
@@ -5217,9 +5187,6 @@ translate_pass (systemtap_session& s)
 s.op->assert_0_indent();
 s.op->newline();
- s.up->emit_unprivileged_user_check ();
- s.op->assert_0_indent();
- s.op->newline();
 s.up->emit_module_init ();
 s.op->assert_0_indent();
 s.op->newline();
diff --git a/translate.h b/translate.h
index 2c59a495..d1bff678 100644
--- a/translate.h
+++ b/translate.h
@@ -79,9 +79,6 @@ struct unparser
 virtual void emit_functionsig (functiondecl* v) = 0;
 // static void function_NAME (context* c);
- virtual void emit_unprivileged_user_check () = 0;
- // static void systemtap_check_unprivileged_user
-
 virtual void emit_module_init () = 0;
 virtual void emit_module_exit () = 0;
 // XXX
@@ -51,6 +51,30 @@ get_home_directory(void)
 }
+// Get the size of a file in bytes
+size_t
+get_file_size(const string &path)
+{
+ struct stat file_info;
+
+ if (stat(path.c_str(), &file_info) == 0)
+ return file_info.st_size;
+ else
+ return 0;
+}
+
+// Get the size of a file in bytes
+bool
+file_exists (const string &path)
+{
+ struct stat file_info;
+
+ if (stat(path.c_str(), &file_info) == 0)
+ return true;
+
+ return false;
+}
+
 // Copy a file. The copy is done via a temporary file and atomic
 // rename.
 int
@@ -6,6 +6,8 @@
 #include <cctype>
 const char *get_home_directory(void);
+size_t get_file_size(const std::string &path);
+bool file_exists (const std::string &path);
 int copy_file(const char *src, const char *dest);
 int create_dir(const char *dir);
 int remove_file_or_dir(const char *dir);
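Review bot: The comment above the new `file_exists` is a copy of the one above `get_file_size` ("Get the size of a file in bytes") and is wrong for that function; replace it with `// Return true if stat() succeeds on path (any file type, not only regular files).` so the caller in cache.cxx knows a directory also passes. Two smaller points on `get_file_size`: it returns 0 both when stat() fails and for an empty file, so callers cannot tell the cases apart, and it narrows `st_size` (an `off_t`, signed) into `size_t` without a check, which a comment or an explicit cast should at least acknowledge. The util.cxx file header is not visible on this page; I am attributing this hunk to util.cxx from the diffstat.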