2009-04-20 Dave Brolley <brolley@redhat.com>

	* main.cxx (main): Turn of guru_mode if --unprivileged is specified and
	vice-versa.
	* elaborate.h (unprivileged_whitelist): New member of match_node.
	* elaborate.cxx (match_node::match_node): Initialize unprivileged_whitelist.
	(match_node::find_and_build): In --unprivileged mode, throw a
	semantic_error for probe components which are not in
	uinprivileged_whitelist.

1 files changed, 20 insertions, 1 deletions

diff --git a/elaborate.cxx b/elaborate.cxx
index b760173f..7bece6d4 100644
--- a/elaborate.cxx
+++ b/elaborate.cxx
@@ -262,7 +262,9 @@ match_key::globmatch(match_key const & other) const
 
 match_node::match_node()
   : end(NULL)
-{}
+{
+  unprivileged_whitelist.push_back ("process");
+}
 
 match_node *
 match_node::bind(match_key const & k)
@@ -311,6 +313,23 @@ match_node::find_and_build (systemtap_session& s,
                             vector<derived_probe *>& results)
 {
   assert (pos <= loc->components.size());
+
+  // If we are in --unprivileged mode, exclude all "unsafe" probes.
+  if (s.unprivileged && pos == 0)
+    {
+      unsigned i;
+      for (i = 0; i < unprivileged_whitelist.size(); i++)
+	{
+	  if (unprivileged_whitelist[i] == loc->components[pos]->functor)
+	    break;
+	}
+      if (i == unprivileged_whitelist.size()) {
+	throw semantic_error (string("probe class ") +
+			      loc->components[pos]->functor +
+			      " is not allowed for unprivileged users");
+      }
+    }
+
   if (pos == loc->components.size()) // matched all probe point components so far
     {
       derived_probe_builder *b = end; // may be 0 if only nested names are bound