diff options
| author | Dave Brolley <brolley@redhat.com> | 2009-04-22 11:57:00 -0400 |
|---|---|---|
| committer | Dave Brolley <brolley@redhat.com> | 2009-04-22 11:57:00 -0400 |
| commit | 88e8da383e47adafc9e75c4f10aecd0ce4ad959f (patch) | |
| tree | 0770182c737b0779554a7b0bcd1786fb37b6b8c9 /elaborate.cxx | |
| parent | 623a41aeb47995f6b5790e38f9e0e10959f98b4e (diff) | |
| download | systemtap-steved-88e8da383e47adafc9e75c4f10aecd0ce4ad959f.tar.gz systemtap-steved-88e8da383e47adafc9e75c4f10aecd0ce4ad959f.tar.xz systemtap-steved-88e8da383e47adafc9e75c4f10aecd0ce4ad959f.zip | |
2009-04-22 Dave Brolley <brolley@redhat.com>
* elaborate.h (unprivileged_whitelist): Removed.
(unprivileged_ok): New member of match_node.
(allow_unprivileged,unprivileged_allowed): New methods of match_node.
* elaborate.cxx (match_node): Initialize unprivileged_ok. Remove
initialization of unprivileged_whitelist.
(allow_unprivileged,unprivileged_allowed): New methods of match_node.
(matchnode::find_and_build): Remove check of unprivileged_whitelist.
Call unprivileged_allowed.
* tapsets.cxx (dwarf_derived_probe::register_function_and_statement_variants):
New parameter: unprivileged_ok.
(dwarf_derived_probe::register_function_variants): Likewise.
(dwarf_derived_probe::register_statement_variants): Likeiwse.
(register_standard_tapsets): Call allow_unprivileged for nodes which are
safe for unprivileged users.
Diffstat (limited to 'elaborate.cxx')
| -rw-r--r-- | elaborate.cxx | 40 |
1 files changed, 21 insertions, 19 deletions
diff --git a/elaborate.cxx b/elaborate.cxx index b5d6046b..a1c2e652 100644 --- a/elaborate.cxx +++ b/elaborate.cxx @@ -261,9 +261,8 @@ match_key::globmatch(match_key const & other) const // ------------------------------------------------------------------------ match_node::match_node() - : end(NULL) + : end(NULL), unprivileged_ok (false) { - unprivileged_whitelist.push_back ("process"); } match_node * @@ -306,6 +305,18 @@ match_node::bind_num(string const & k) return bind(match_key(k).with_number()); } +match_node* +match_node::allow_unprivileged (bool b) +{ + unprivileged_ok = b; + return this; +} + +bool +match_node::unprivileged_allowed () const +{ + return unprivileged_ok; +} void match_node::find_and_build (systemtap_session& s, @@ -313,23 +324,6 @@ match_node::find_and_build (systemtap_session& s, vector<derived_probe *>& results) { assert (pos <= loc->components.size()); - - // If we are in --unprivileged mode, exclude all "unsafe" probes. - if (s.unprivileged && pos == 0) - { - unsigned i; - for (i = 0; i < unprivileged_whitelist.size(); i++) - { - if (unprivileged_whitelist[i] == loc->components[pos]->functor) - break; - } - if (i == unprivileged_whitelist.size()) { - throw semantic_error (string("probe class ") + - loc->components[pos]->functor + - " is not allowed for unprivileged users"); - } - } - if (pos == loc->components.size()) // matched all probe point components so far { derived_probe_builder *b = end; // may be 0 if only nested names are bound @@ -350,6 +344,14 @@ match_node::find_and_build (systemtap_session& s, param_map[loc->components[i]->functor] = loc->components[i]->arg; // maybe 0 + // Are we compiling for unprivileged users? */ + if (s.unprivileged) + { + // Is this probe point ok for unprivileged users? + if (! unprivileged_allowed ()) + throw semantic_error (string("probe point is not allowed for unprivileged users")); + } + b->build (s, p, loc, param_map, results); } else if (isglob(loc->components[pos]->functor)) // wildcard? |