diff options
| author | Dave Brolley <brolley@redhat.com> | 2009-10-09 11:09:12 -0400 |
|---|---|---|
| committer | Dave Brolley <brolley@redhat.com> | 2009-10-09 11:09:12 -0400 |
| commit | 2865d17a48d055b3aef6e45506292908800cdb21 (patch) | |
| tree | 216ef4616108250518e0bd52b5c37a489f2906e0 /tapset-been.cxx | |
| parent | 47f025139d1c2e75781cdab40dc9195396133754 (diff) | |
| download | systemtap-steved-2865d17a48d055b3aef6e45506292908800cdb21.tar.gz systemtap-steved-2865d17a48d055b3aef6e45506292908800cdb21.tar.xz systemtap-steved-2865d17a48d055b3aef6e45506292908800cdb21.zip | |
Generate safety net assertions in probe function not authorized for unprivileged users.
2009-10-08 Dave Brolley <brolley@redhat.com>
* elaborate.h (emit_unprivileged_assertion): New virtual method of deriv
ed_probe.
(emit_process_owner_assertion): New static method of derived_probe.
(check_unprivileged): New virtual method of derived_probe_builder.
(match_node::unprivileged_ok): Removed.
(match_node::allow_unprivileged): Removed.
(match_node::unprivileged_allowed): Removed.
* elaborate.cxx (translate.h): #include it.
(emit_unprivileged_assertion): New virtual method of derived_probe.
(emit_process_owner_assertion): New static method of derived_probe.
(check_unprivileged): New virtual method of derived_probe_builder.
(match_node::unprivileged_ok): Removed.
(match_node::allow_unprivileged): Removed.
(match_node::unprivileged_allowed): Removed.
(find_and_build): Don't check for unprivileged restrictions here. Call t
he
builder's check_unprivileged method.
(alias_expansion_builder::check_unprivileged): New virtual method.
* tapset-been.cxx (be_derived_probe::emit_unprivileged_assertion): New v
irtual
method.
(be_builder::check_unprivileged): Likewise.
(never_derived_probe::emit_unprivileged_assertion): Likewise.
(never_builder::check_unprivileged): Likewise.
(register_tapset_been): Don't call allow_unprivileged.
* tapset-itrace.cxx (itrace_derived_probe::emit_unprivileged_assertion):
New virtual
method.
(itrace_builder::check_unprivileged): Likewise.
(register_tapset_itrace): Don't call allow_unprivileged.
* tapset-utrace.cxx (utrace_derived_probe::emit_unprivileged_assertion):
New virtual
method.
(utrace_builder::check_unprivileged): Likewise.
(register_tapset_utrace): Don't call allow_unprivileged.
* tapset-timer.cxx (timer_derived_probe::emit_unprivileged_assertion): N
ew virtual
method.
(timer_builder::check_unprivileged): Likewise.
(register_tapset_timers): Don't call allow_unprivileged.
* tapsets.cxx (uprobe_derived_probe::emit_unprivileged_assertion): New v
irtual
method.
(uprobe_builder::check_unprivileged): Likewise.
(register_standard_tapsets): Don't call allow_unprivileged.
(register_statement_variants): Remove unprivileged_ok_p parameter. Don't
call
allow_unprivileged.
(register_function_variants): Likewise.
(register_function_and_statement_variants): Likewise.
(register_patterns): Don't call allow_unprivileged.
* translate.cxx (emit_probe): Call v->emit_unprivileged_assertion.
Diffstat (limited to 'tapset-been.cxx')
| -rw-r--r-- | tapset-been.cxx | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/tapset-been.cxx b/tapset-been.cxx index 99b59574..002bf66a 100644 --- a/tapset-been.cxx +++ b/tapset-been.cxx @@ -52,6 +52,10 @@ struct be_derived_probe: public derived_probe return a->priority < b->priority; } + // No assertion need be emitted, since these probes are allowed for + // unprivileged users. + void emit_unprivileged_assertion (translator_output*) {} + bool needs_global_locks () { return false; } // begin/end probes don't need locks around global variables, since // they aren't run concurrently with any other probes @@ -86,6 +90,10 @@ struct be_builder: public derived_probe_builder finished_results.push_back (new be_derived_probe(base, location, type, priority)); } + + // No action required. These probes are allowed for unprivileged users. + virtual void check_unprivileged (const systemtap_session & sess, + const literal_map_t & parameters) {} }; @@ -188,6 +196,8 @@ struct never_derived_probe: public derived_probe never_derived_probe (probe* p): derived_probe (p) {} never_derived_probe (probe* p, probe_point* l): derived_probe (p, l) {} void join_group (systemtap_session&) { /* thus no probe_group */ } + void emit_unprivileged_assertion (translator_output*) {} + }; @@ -202,6 +212,10 @@ struct never_builder: public derived_probe_builder { finished_results.push_back(new never_derived_probe(base, location)); } + + // No action required. This probe is allowed for unprivileged users. + virtual void check_unprivileged (const systemtap_session & sess, + const literal_map_t & parameters) {} }; @@ -216,28 +230,21 @@ register_tapset_been(systemtap_session& s) match_node* root = s.pattern_root; root->bind(TOK_BEGIN) - ->allow_unprivileged() ->bind(new be_builder(BEGIN)); root->bind_num(TOK_BEGIN) - ->allow_unprivileged() ->bind(new be_builder(BEGIN)); root->bind(TOK_END) - ->allow_unprivileged() ->bind(new be_builder(END)); root->bind_num(TOK_END) - ->allow_unprivileged() ->bind(new be_builder(END)); root->bind(TOK_ERROR) - ->allow_unprivileged() ->bind(new be_builder(ERROR)); root->bind_num(TOK_ERROR) - ->allow_unprivileged() ->bind(new be_builder(ERROR)); root->bind(TOK_NEVER) - ->allow_unprivileged() ->bind(new never_builder()); } |