Don't automatically authorize new root certificates as trusted signers.

author: Dave Brolley <brolley@redhat.com> 2009-12-15 11:13:13 -0500
committer: Dave Brolley <brolley@redhat.com> 2009-12-15 11:13:13 -0500
commit: 2ab8398f875cbd8eff11cecc7a7abd65ffcb4f4c (patch)
tree: bc4cf413f8532769e4ba871309b1b6cf5e2adb10 /modsign.cxx
parent: b8f1753c091d3f75ea4a71bfb709d8e50780d3fb (diff)
download: systemtap-steved-2ab8398f875cbd8eff11cecc7a7abd65ffcb4f4c.tar.gz
systemtap-steved-2ab8398f875cbd8eff11cecc7a7abd65ffcb4f4c.tar.xz
systemtap-steved-2ab8398f875cbd8eff11cecc7a7abd65ffcb4f4c.zip
1 files changed, 1 insertions, 9 deletions
diff --git a/modsign.cxx b/modsign.cxx
index 0965b923..326534ce 100644
--- a/modsign.cxx
+++ b/modsign.cxx
@@ -49,20 +49,12 @@ using namespace std;
  */
 static int
 init_cert_db_path (const string &cert_db_path) {
-  int rc, rc1;
+  int rc;
 
   // Generate the certificate and database.
   string cmd = BINDIR "/stap-gen-cert " + cert_db_path;
   rc = system (cmd.c_str ()) == 0;
 
-  // If we are root, authorize the new certificate as a trusted
-  // signer. It is not an error if this fails.
-  if (geteuid () == 0)
-    {
-      cmd = BINDIR "/stap-authorize-signing-cert " + cert_db_path + "/stap.cert";
-      rc1 = system (cmd.c_str ());
-    }
-
   return rc;
 }
author	Dave Brolley <brolley@redhat.com>	2009-12-15 11:13:13 -0500
committer	Dave Brolley <brolley@redhat.com>	2009-12-15 11:13:13 -0500
commit	2ab8398f875cbd8eff11cecc7a7abd65ffcb4f4c (patch)
tree	bc4cf413f8532769e4ba871309b1b6cf5e2adb10 /modsign.cxx
parent	b8f1753c091d3f75ea4a71bfb709d8e50780d3fb (diff)
download	systemtap-steved-2ab8398f875cbd8eff11cecc7a7abd65ffcb4f4c.tar.gz systemtap-steved-2ab8398f875cbd8eff11cecc7a7abd65ffcb4f4c.tar.xz systemtap-steved-2ab8398f875cbd8eff11cecc7a7abd65ffcb4f4c.zip