diff options
| author | Dave Brolley <brolley@redhat.com> | 2009-10-09 11:09:12 -0400 |
|---|---|---|
| committer | Dave Brolley <brolley@redhat.com> | 2009-10-09 11:09:12 -0400 |
| commit | 2865d17a48d055b3aef6e45506292908800cdb21 (patch) | |
| tree | 216ef4616108250518e0bd52b5c37a489f2906e0 /elaborate.cxx | |
| parent | 47f025139d1c2e75781cdab40dc9195396133754 (diff) | |
| download | systemtap-steved-2865d17a48d055b3aef6e45506292908800cdb21.tar.gz systemtap-steved-2865d17a48d055b3aef6e45506292908800cdb21.tar.xz systemtap-steved-2865d17a48d055b3aef6e45506292908800cdb21.zip | |
Generate safety net assertions in probe function not authorized for unprivileged users.
2009-10-08 Dave Brolley <brolley@redhat.com>
* elaborate.h (emit_unprivileged_assertion): New virtual method of deriv
ed_probe.
(emit_process_owner_assertion): New static method of derived_probe.
(check_unprivileged): New virtual method of derived_probe_builder.
(match_node::unprivileged_ok): Removed.
(match_node::allow_unprivileged): Removed.
(match_node::unprivileged_allowed): Removed.
* elaborate.cxx (translate.h): #include it.
(emit_unprivileged_assertion): New virtual method of derived_probe.
(emit_process_owner_assertion): New static method of derived_probe.
(check_unprivileged): New virtual method of derived_probe_builder.
(match_node::unprivileged_ok): Removed.
(match_node::allow_unprivileged): Removed.
(match_node::unprivileged_allowed): Removed.
(find_and_build): Don't check for unprivileged restrictions here. Call t
he
builder's check_unprivileged method.
(alias_expansion_builder::check_unprivileged): New virtual method.
* tapset-been.cxx (be_derived_probe::emit_unprivileged_assertion): New v
irtual
method.
(be_builder::check_unprivileged): Likewise.
(never_derived_probe::emit_unprivileged_assertion): Likewise.
(never_builder::check_unprivileged): Likewise.
(register_tapset_been): Don't call allow_unprivileged.
* tapset-itrace.cxx (itrace_derived_probe::emit_unprivileged_assertion):
New virtual
method.
(itrace_builder::check_unprivileged): Likewise.
(register_tapset_itrace): Don't call allow_unprivileged.
* tapset-utrace.cxx (utrace_derived_probe::emit_unprivileged_assertion):
New virtual
method.
(utrace_builder::check_unprivileged): Likewise.
(register_tapset_utrace): Don't call allow_unprivileged.
* tapset-timer.cxx (timer_derived_probe::emit_unprivileged_assertion): N
ew virtual
method.
(timer_builder::check_unprivileged): Likewise.
(register_tapset_timers): Don't call allow_unprivileged.
* tapsets.cxx (uprobe_derived_probe::emit_unprivileged_assertion): New v
irtual
method.
(uprobe_builder::check_unprivileged): Likewise.
(register_standard_tapsets): Don't call allow_unprivileged.
(register_statement_variants): Remove unprivileged_ok_p parameter. Don't
call
allow_unprivileged.
(register_function_variants): Likewise.
(register_function_and_statement_variants): Likewise.
(register_patterns): Don't call allow_unprivileged.
* translate.cxx (emit_probe): Call v->emit_unprivileged_assertion.
Diffstat (limited to 'elaborate.cxx')
| -rw-r--r-- | elaborate.cxx | 69 |
1 files changed, 47 insertions, 22 deletions
diff --git a/elaborate.cxx b/elaborate.cxx index 01c6e3cd..e8795a6c 100644 --- a/elaborate.cxx +++ b/elaborate.cxx @@ -9,6 +9,7 @@ #include "config.h" #include "elaborate.h" +#include "translate.h" #include "parse.h" #include "tapsets.h" #include "session.h" @@ -132,10 +133,50 @@ derived_probe::sole_location () const } +void +derived_probe::emit_unprivileged_assertion (translator_output* o) +{ + // Emit code which will cause compilation to fail if it is compiled in + // unprivileged mode. + o->newline() << "#ifndef STP_PRIVILEGED"; + o->newline() << "#error Internal Error: Probe "; + probe::printsig (o->line()); + o->line() << " generated in --unprivileged mode"; + o->newline() << "#endif"; +} + + +void +derived_probe::emit_process_owner_assertion (translator_output* o) +{ + // Emit code which will abort should the current target not belong to the + // user in unprivileged mode. + o->newline() << "#ifndef STP_PRIVILEGED"; + o->newline(1) << "if (! is_myproc ()) {"; + o->newline(1) << "snprintf(c->error_buffer, sizeof(c->error_buffer),"; + o->newline() << " \"Internal Error: Process %d does not belong to user %d in probe %s in --unprivileged mode\","; + o->newline() << " current->tgid, _stp_uid, c->probe_point);"; + o->newline() << "c->last_error = c->error_buffer;"; + o->newline() << "goto out;"; + o->newline(-1) << "}"; + o->newline(-1) << "#endif"; +} + // ------------------------------------------------------------------------ // Members of derived_probe_builder +void +derived_probe_builder::check_unprivileged (const systemtap_session & sess, + const literal_map_t & parameters) +{ + // By default, probes are not allowed for unprivileged users. + if (sess.unprivileged) + { + throw semantic_error (string("probe point is not allowed for unprivileged users")); + } +} + bool derived_probe_builder::get_param (std::map<std::string, literal*> const & params, const std::string& key, @@ -261,7 +302,6 @@ match_key::globmatch(match_key const & other) const // ------------------------------------------------------------------------ match_node::match_node() - : unprivileged_ok (false) { } @@ -303,19 +343,6 @@ match_node::bind_num(string const & k) return bind(match_key(k).with_number()); } -match_node* -match_node::allow_unprivileged (bool b) -{ - unprivileged_ok = b; - return this; -} - -bool -match_node::unprivileged_allowed () const -{ - return unprivileged_ok; -} - void match_node::find_and_build (systemtap_session& s, probe* p, probe_point *loc, unsigned pos, @@ -340,18 +367,11 @@ match_node::find_and_build (systemtap_session& s, param_map[loc->components[i]->functor] = loc->components[i]->arg; // maybe 0 - // Are we compiling for unprivileged users? */ - if (s.unprivileged) - { - // Is this probe point ok for unprivileged users? - if (! unprivileged_allowed ()) - throw semantic_error (string("probe point is not allowed for unprivileged users")); - } - // Iterate over all bound builders for (unsigned k=0; k<ends.size(); k++) { derived_probe_builder *b = ends[k]; + b->check_unprivileged (s, param_map); b->build (s, p, loc, param_map, results); } } @@ -573,6 +593,11 @@ alias_expansion_builder } return false; } + + // No action required. The actual probes will be checked when they are + // built. + virtual void check_unprivileged (const systemtap_session & sess, + const literal_map_t & parameters) {} }; |