author Frank Ch. Eigler <fche@elastic.org> 2010-01-27 22:10:56 -0500
committer Frank Ch. Eigler <fche@elastic.org> 2010-01-27 22:10:56 -0500
commit 2addc662c2d3d29f6a6cd1fa6ef224b67fce21b8
tree d4f2afe3c99d91625134cc03e4f598e894c27575 /stap-serverd
parent 9368734e8db693bc2d936ecfaa27f812b5b5dd42
PR11197: prevent startup of stap-server as root
* stap-serverd: Block startup if whoami=root, unless magic environment variable is set.
* testsuite/lib/systemtap.exp: Set magic environment variable to override protection.
Diffstat (limited to 'stap-serverd')
-rwxr-xr-x stap-serverd 13
1 files changed, 12 insertions, 1 deletions
diff --git a/stap-serverd b/stap-serverd
index 4d8a10ce..fc186233 100755
--- a/stap-serverd
+++ b/stap-serverd
@@ -2,7 +2,7 @@
# Compile server manager for systemtap
#
-# Copyright (C) 2008, 2009 Red Hat Inc.
+# Copyright (C) 2008-2010 Red Hat Inc.
#
# This file is part of systemtap, and is free software. You can
# redistribute it and/or modify it under the terms of the GNU General
@@ -19,6 +19,17 @@ trap 'terminate' SIGTERM SIGINT
# Initialize the environment
. ${PKGLIBEXECDIR}stap-env
+# PR11197: security prophylactics
+if [ -z "$STAP_PR11197_OVERRIDE" ]; then
+ # 1) reject use as root, except via a special environment variable
+ if [ `id -u` -eq 0 ]; then
+ echo "For security reasons, invocation of stap-server as root is not supported." 1>&2
+ exit 1
+ fi
+ # 2) ... etc ...
+fi
+
+
#-----------------------------------------------------------------------------
# Helper functions.
#-----------------------------------------------------------------------------
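Review bot: The root check sits after `. ${PKGLIBEXECDIR}stap-env`, so when the script is started as root that file has already been sourced with root privileges before `exit 1` is reached; moving the PR11197 block above the "Initialize the environment" step would reject root before anything else runs. The override test `[ -z "$STAP_PR11197_OVERRIDE" ]` accepts any non-empty value inherited from the caller's environment, so the comment should say that the variable exists for the testsuite and is not a supported switch. The `# 2) ... etc ...` placeholder should either become a TODO naming the planned checks or be dropped, and `$(id -u)` is preferable to the backticks.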