Only sign modules if --unprivileged is specified.

Don't generate an error message for unsigned modules.
Make sure module signature exists before attempting to copy to the cache.
Allow timer p[robes for unprivileged users.

2 files changed, 2 insertions, 6 deletions

diff --git a/runtime/staprun/modverify.c b/runtime/staprun/modverify.c
index b50a69f4..f4b15ac3 100644
--- a/runtime/staprun/modverify.c
+++ b/runtime/staprun/modverify.c
@@ -203,11 +203,7 @@ verify_it (const char *inputName, const char *signatureName, SECKEYPublicKey *pu
   /* Get the size of the signature file.  */
   prStatus = PR_GetFileInfo (signatureName, &info);
   if (prStatus != PR_SUCCESS || info.type != PR_FILE_FILE || info.size < 0)
-    {
-      fprintf (stderr, "Unable to obtain information on the signature file %s.\n", signatureName);
-      nssError ();
-      return MODULE_UNTRUSTED; /* Not signed */
-    }
+    return MODULE_UNTRUSTED; /* Not signed */
 
   /* Open the signature file.  */
   local_file_fd = PR_Open (signatureName, PR_RDONLY, 0);
diff --git a/runtime/staprun/staprun_funcs.c b/runtime/staprun/staprun_funcs.c
index 1ebd124e..669dc996 100644
--- a/runtime/staprun/staprun_funcs.c
+++ b/runtime/staprun/staprun_funcs.c
@@ -500,7 +500,7 @@ int check_permissions(void)
 		check_groups_rc = -1;
 	}
 #if HAVE_NSS
-	err("Alternatively, your module must be signed by a trusted signer.\n"
+	err("Alternatively, your module must be compiled using the --unprivileged option and signed by a trusted signer.\n"
 	    "For more information, please consult the \"SAFETY AND SECURITY\" section of the \"stap(1)\" manpage\n");
 #endif