author | Dave Brolley <brolley@redhat.com> | 2009-04-20 11:32:04 -0400 |
---|---|---|
committer | Dave Brolley <brolley@redhat.com> | 2009-04-20 11:32:04 -0400 |
commit | d4935c2f80122827a02d9f66c020d7e8ef6d6ade (patch) | |
tree | 2222a7c848a1480577854ff29ce079d9bf039853 /elaborate.cxx | |
parent | ae0430755d1605d934e9655d6f7206487fe6fc68 (diff) | |
2009-04-20 Dave Brolley <brolley@redhat.com>
* main.cxx (main): Turn off guru_mode if --unprivileged is specified and
vice-versa.
* elaborate.h (unprivileged_whitelist): New member of match_node.
* elaborate.cxx (match_node::match_node): Initialize unprivileged_whitelist.
(match_node::find_and_build): In --unprivileged mode, throw a
semantic_error for probe components which are not in
unprivileged_whitelist.
Diffstat (limited to 'elaborate.cxx')
-rw-r--r-- | elaborate.cxx | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/elaborate.cxx b/elaborate.cxx
index b760173f..7bece6d4 100644
--- a/elaborate.cxx
+++ b/elaborate.cxx
@@ -262,7 +262,9 @@ match_key::globmatch(match_key const & other) const
 
 match_node::match_node()
 : end(NULL)
-{}
+{
+ unprivileged_whitelist.push_back ("process");
+}
 
 match_node *
 match_node::bind(match_key const & k)
@@ -311,6 +313,23 @@ match_node::find_and_build (systemtap_session& s,
 vector<derived_probe *>& results)
 {
 assert (pos <= loc->components.size());
+
+ // If we are in --unprivileged mode, exclude all "unsafe" probes.
+ if (s.unprivileged && pos == 0)
+ {
+ unsigned i;
+ for (i = 0; i < unprivileged_whitelist.size(); i++)
+ {
+ if (unprivileged_whitelist[i] == loc->components[pos]->functor)
+ break;
+ }
+ if (i == unprivileged_whitelist.size()) {
+ throw semantic_error (string("probe class ") +
+ loc->components[pos]->functor +
+ " is not allowed for unprivileged users");
+ }
+ }
+
 if (pos == loc->components.size()) // matched all probe point components so far
 {
 derived_probe_builder *b = end; // may be 0 if only nested names are bound |
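Review bot: `unprivileged_whitelist` is filled in the `match_node` constructor, so every node of the match tree carries its own copy of the policy, although the check added to `find_and_build` only consults it at `pos == 0`. Keeping the allowed families in one shared, constant table would put the policy in a single reviewable place and stop a later edit from populating some nodes differently. The entry also needs a comment stating why the whole `process` family is considered safe and where restrictions on the probed target are enforced, which this hunk does not show; for example `// Top-level probe families permitted under --unprivileged; extend only after review.`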
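Review bot: The new check reads `loc->components[pos]` at `pos == 0` before the function's own `pos == loc->components.size()` test, and the assert above it only guarantees `pos <= size` (and is compiled out under NDEBUG), so a probe point with no components would index past the end of the vector. Whether such a probe_point can reach this function is not visible here, but a privilege gate should fail closed: put `if (s.unprivileged && loc->components.empty()) throw semantic_error ("empty probe point is not allowed for unprivileged users");` ahead of the lookup. The decision rests on the first component's functor alone, so a comment should say that arguments and later components are deliberately left unchecked at this point. The hand-written index loop could be `std::find` over the whitelist, if `<algorithm>` is available in this file. The body of `find_and_build` continues outside the hunk.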