diff options
author | Dave Brolley <brolley@redhat.com> | 2009-06-25 11:50:47 -0400 |
---|---|---|
committer | Dave Brolley <brolley@redhat.com> | 2009-06-25 11:50:47 -0400 |
commit | 313db8e6d1e62f372d168b7368f220cb432d07d6 (patch) | |
tree | 54fdfdbc16b25dfab4e7b3b025971e4adf420e7d /staptree.cxx | |
parent | f75b6811dee35832309e55a9e3455c40d4c13437 (diff) | |
download | systemtap-steved-313db8e6d1e62f372d168b7368f220cb432d07d6.tar.gz systemtap-steved-313db8e6d1e62f372d168b7368f220cb432d07d6.tar.xz systemtap-steved-313db8e6d1e62f372d168b7368f220cb432d07d6.zip |
Disallow embedded C in tapset functions ifor unprivileged users unless tagged by /* unprivileged */.
Diffstat (limited to 'staptree.cxx')
-rw-r--r-- | staptree.cxx | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/staptree.cxx b/staptree.cxx index 8d251731..df075f44 100644 --- a/staptree.cxx +++ b/staptree.cxx @@ -10,6 +10,7 @@ #include "staptree.h" #include "parse.h" #include "util.h" +#include "session.h" #include <iostream> #include <typeinfo> @@ -1684,6 +1685,14 @@ functioncall_traversing_visitor::visit_functioncall (functioncall* e) void varuse_collecting_visitor::visit_embeddedcode (embeddedcode *s) { + assert (current_function); // only they get embedded code + + // Don't allow embedded C functions in unprivileged mode unless + // they are tagged with /* unprivileged */ + if (session.unprivileged && s->code.find ("/* unprivileged */") == string::npos) + throw semantic_error ("function may not be used when --unprivileged is specified", + current_function->tok); + // We want to elide embedded-C functions when possible. For // example, each $target variable access is expanded to an // embedded-C function call. Yet, for safety reasons, we should @@ -1694,7 +1703,6 @@ varuse_collecting_visitor::visit_embeddedcode (embeddedcode *s) // $target variables as rvalues will have this; lvalues won't. // Also, explicit side-effect-free tapset functions will have this. - assert (current_function); // only they get embedded code if (s->code.find ("/* pure */") != string::npos) return; |