summaryrefslogtreecommitdiffstats
path: root/elaborate.cxx
diff options
context:
space:
mode:
authorDave Brolley <brolley@redhat.com>2009-10-09 11:09:12 -0400
committerDave Brolley <brolley@redhat.com>2009-10-09 11:09:12 -0400
commit2865d17a48d055b3aef6e45506292908800cdb21 (patch)
tree216ef4616108250518e0bd52b5c37a489f2906e0 /elaborate.cxx
parent47f025139d1c2e75781cdab40dc9195396133754 (diff)
downloadsystemtap-steved-2865d17a48d055b3aef6e45506292908800cdb21.tar.gz
systemtap-steved-2865d17a48d055b3aef6e45506292908800cdb21.tar.xz
systemtap-steved-2865d17a48d055b3aef6e45506292908800cdb21.zip
Generate safety net assertions in probe function not authorized for unprivileged users.
2009-10-08 Dave Brolley <brolley@redhat.com> * elaborate.h (emit_unprivileged_assertion): New virtual method of deriv ed_probe. (emit_process_owner_assertion): New static method of derived_probe. (check_unprivileged): New virtual method of derived_probe_builder. (match_node::unprivileged_ok): Removed. (match_node::allow_unprivileged): Removed. (match_node::unprivileged_allowed): Removed. * elaborate.cxx (translate.h): #include it. (emit_unprivileged_assertion): New virtual method of derived_probe. (emit_process_owner_assertion): New static method of derived_probe. (check_unprivileged): New virtual method of derived_probe_builder. (match_node::unprivileged_ok): Removed. (match_node::allow_unprivileged): Removed. (match_node::unprivileged_allowed): Removed. (find_and_build): Don't check for unprivileged restrictions here. Call t he builder's check_unprivileged method. (alias_expansion_builder::check_unprivileged): New virtual method. * tapset-been.cxx (be_derived_probe::emit_unprivileged_assertion): New v irtual method. (be_builder::check_unprivileged): Likewise. (never_derived_probe::emit_unprivileged_assertion): Likewise. (never_builder::check_unprivileged): Likewise. (register_tapset_been): Don't call allow_unprivileged. * tapset-itrace.cxx (itrace_derived_probe::emit_unprivileged_assertion): New virtual method. (itrace_builder::check_unprivileged): Likewise. (register_tapset_itrace): Don't call allow_unprivileged. * tapset-utrace.cxx (utrace_derived_probe::emit_unprivileged_assertion): New virtual method. (utrace_builder::check_unprivileged): Likewise. (register_tapset_utrace): Don't call allow_unprivileged. * tapset-timer.cxx (timer_derived_probe::emit_unprivileged_assertion): N ew virtual method. (timer_builder::check_unprivileged): Likewise. (register_tapset_timers): Don't call allow_unprivileged. * tapsets.cxx (uprobe_derived_probe::emit_unprivileged_assertion): New v irtual method. (uprobe_builder::check_unprivileged): Likewise. (register_standard_tapsets): Don't call allow_unprivileged. (register_statement_variants): Remove unprivileged_ok_p parameter. Don't call allow_unprivileged. (register_function_variants): Likewise. (register_function_and_statement_variants): Likewise. (register_patterns): Don't call allow_unprivileged. * translate.cxx (emit_probe): Call v->emit_unprivileged_assertion.
Diffstat (limited to 'elaborate.cxx')
-rw-r--r--elaborate.cxx69
1 files changed, 47 insertions, 22 deletions
diff --git a/elaborate.cxx b/elaborate.cxx
index 01c6e3cd..e8795a6c 100644
--- a/elaborate.cxx
+++ b/elaborate.cxx
@@ -9,6 +9,7 @@
#include "config.h"
#include "elaborate.h"
+#include "translate.h"
#include "parse.h"
#include "tapsets.h"
#include "session.h"
@@ -132,10 +133,50 @@ derived_probe::sole_location () const
}
+void
+derived_probe::emit_unprivileged_assertion (translator_output* o)
+{
+ // Emit code which will cause compilation to fail if it is compiled in
+ // unprivileged mode.
+ o->newline() << "#ifndef STP_PRIVILEGED";
+ o->newline() << "#error Internal Error: Probe ";
+ probe::printsig (o->line());
+ o->line() << " generated in --unprivileged mode";
+ o->newline() << "#endif";
+}
+
+
+void
+derived_probe::emit_process_owner_assertion (translator_output* o)
+{
+ // Emit code which will abort should the current target not belong to the
+ // user in unprivileged mode.
+ o->newline() << "#ifndef STP_PRIVILEGED";
+ o->newline(1) << "if (! is_myproc ()) {";
+ o->newline(1) << "snprintf(c->error_buffer, sizeof(c->error_buffer),";
+ o->newline() << " \"Internal Error: Process %d does not belong to user %d in probe %s in --unprivileged mode\",";
+ o->newline() << " current->tgid, _stp_uid, c->probe_point);";
+ o->newline() << "c->last_error = c->error_buffer;";
+ o->newline() << "goto out;";
+ o->newline(-1) << "}";
+ o->newline(-1) << "#endif";
+}
+
// ------------------------------------------------------------------------
// Members of derived_probe_builder
+void
+derived_probe_builder::check_unprivileged (const systemtap_session & sess,
+ const literal_map_t & parameters)
+{
+ // By default, probes are not allowed for unprivileged users.
+ if (sess.unprivileged)
+ {
+ throw semantic_error (string("probe point is not allowed for unprivileged users"));
+ }
+}
+
bool
derived_probe_builder::get_param (std::map<std::string, literal*> const & params,
const std::string& key,
@@ -261,7 +302,6 @@ match_key::globmatch(match_key const & other) const
// ------------------------------------------------------------------------
match_node::match_node()
- : unprivileged_ok (false)
{
}
@@ -303,19 +343,6 @@ match_node::bind_num(string const & k)
return bind(match_key(k).with_number());
}
-match_node*
-match_node::allow_unprivileged (bool b)
-{
- unprivileged_ok = b;
- return this;
-}
-
-bool
-match_node::unprivileged_allowed () const
-{
- return unprivileged_ok;
-}
-
void
match_node::find_and_build (systemtap_session& s,
probe* p, probe_point *loc, unsigned pos,
@@ -340,18 +367,11 @@ match_node::find_and_build (systemtap_session& s,
param_map[loc->components[i]->functor] = loc->components[i]->arg;
// maybe 0
- // Are we compiling for unprivileged users? */
- if (s.unprivileged)
- {
- // Is this probe point ok for unprivileged users?
- if (! unprivileged_allowed ())
- throw semantic_error (string("probe point is not allowed for unprivileged users"));
- }
-
// Iterate over all bound builders
for (unsigned k=0; k<ends.size(); k++)
{
derived_probe_builder *b = ends[k];
+ b->check_unprivileged (s, param_map);
b->build (s, p, loc, param_map, results);
}
}
@@ -573,6 +593,11 @@ alias_expansion_builder
}
return false;
}
+
+ // No action required. The actual probes will be checked when they are
+ // built.
+ virtual void check_unprivileged (const systemtap_session & sess,
+ const literal_map_t & parameters) {}
};