diff options
| author | Dave Brolley <brolley@redhat.com> | 2009-10-09 11:09:12 -0400 |
|---|---|---|
| committer | Dave Brolley <brolley@redhat.com> | 2009-10-09 11:09:12 -0400 |
| commit | 2865d17a48d055b3aef6e45506292908800cdb21 (patch) | |
| tree | 216ef4616108250518e0bd52b5c37a489f2906e0 /elaborate.h | |
| parent | 47f025139d1c2e75781cdab40dc9195396133754 (diff) | |
| download | systemtap-steved-2865d17a48d055b3aef6e45506292908800cdb21.tar.gz systemtap-steved-2865d17a48d055b3aef6e45506292908800cdb21.tar.xz systemtap-steved-2865d17a48d055b3aef6e45506292908800cdb21.zip | |
Generate safety net assertions in probe function not authorized for unprivileged users.
2009-10-08 Dave Brolley <brolley@redhat.com>
* elaborate.h (emit_unprivileged_assertion): New virtual method of deriv
ed_probe.
(emit_process_owner_assertion): New static method of derived_probe.
(check_unprivileged): New virtual method of derived_probe_builder.
(match_node::unprivileged_ok): Removed.
(match_node::allow_unprivileged): Removed.
(match_node::unprivileged_allowed): Removed.
* elaborate.cxx (translate.h): #include it.
(emit_unprivileged_assertion): New virtual method of derived_probe.
(emit_process_owner_assertion): New static method of derived_probe.
(check_unprivileged): New virtual method of derived_probe_builder.
(match_node::unprivileged_ok): Removed.
(match_node::allow_unprivileged): Removed.
(match_node::unprivileged_allowed): Removed.
(find_and_build): Don't check for unprivileged restrictions here. Call t
he
builder's check_unprivileged method.
(alias_expansion_builder::check_unprivileged): New virtual method.
* tapset-been.cxx (be_derived_probe::emit_unprivileged_assertion): New v
irtual
method.
(be_builder::check_unprivileged): Likewise.
(never_derived_probe::emit_unprivileged_assertion): Likewise.
(never_builder::check_unprivileged): Likewise.
(register_tapset_been): Don't call allow_unprivileged.
* tapset-itrace.cxx (itrace_derived_probe::emit_unprivileged_assertion):
New virtual
method.
(itrace_builder::check_unprivileged): Likewise.
(register_tapset_itrace): Don't call allow_unprivileged.
* tapset-utrace.cxx (utrace_derived_probe::emit_unprivileged_assertion):
New virtual
method.
(utrace_builder::check_unprivileged): Likewise.
(register_tapset_utrace): Don't call allow_unprivileged.
* tapset-timer.cxx (timer_derived_probe::emit_unprivileged_assertion): N
ew virtual
method.
(timer_builder::check_unprivileged): Likewise.
(register_tapset_timers): Don't call allow_unprivileged.
* tapsets.cxx (uprobe_derived_probe::emit_unprivileged_assertion): New v
irtual
method.
(uprobe_builder::check_unprivileged): Likewise.
(register_standard_tapsets): Don't call allow_unprivileged.
(register_statement_variants): Remove unprivileged_ok_p parameter. Don't
call
allow_unprivileged.
(register_function_variants): Likewise.
(register_function_and_statement_variants): Likewise.
(register_patterns): Don't call allow_unprivileged.
* translate.cxx (emit_probe): Call v->emit_unprivileged_assertion.
Diffstat (limited to 'elaborate.h')
| -rw-r--r-- | elaborate.h | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/elaborate.h b/elaborate.h index cd60b8bb..d41608cb 100644 --- a/elaborate.h +++ b/elaborate.h @@ -146,11 +146,19 @@ struct derived_probe: public probe // From within unparser::emit_probe, emit any extra processing block // for this probe. + virtual void emit_unprivileged_assertion (translator_output*); + // From within unparser::emit_probe, emit any unprivileged mode + // checking for this probe. + public: static void emit_common_header (translator_output* o); // from c_unparser::emit_common_header // XXX: probably can move this stuff to a probe_group::emit_module_decls + static void emit_process_owner_assertion (translator_output*); + // From within unparser::emit_probe, emit a check that the current + // process belongs to the user. + virtual bool needs_global_locks () { return true; } // by default, probes need locks around global variables }; @@ -199,6 +207,8 @@ struct derived_probe_builder probe_point* location, literal_map_t const & parameters, std::vector<derived_probe*> & finished_results) = 0; + virtual void check_unprivileged (const systemtap_session & sess, + const literal_map_t & parameters); virtual ~derived_probe_builder() {} virtual void build_no_more (systemtap_session &) {} @@ -236,7 +246,6 @@ match_node typedef std::map<match_key, match_node*>::iterator sub_map_iterator_t; sub_map_t sub; std::vector<derived_probe_builder*> ends; - bool unprivileged_ok; public: match_node(); @@ -251,9 +260,6 @@ match_node match_node* bind_str(std::string const & k); match_node* bind_num(std::string const & k); void bind(derived_probe_builder* e); - - match_node* allow_unprivileged (bool b = true); - bool unprivileged_allowed () const; }; // ------------------------------------------------------------------------ |