PR11256: harden --unprivileged mode

* tapsets-mark.cxx, tapsets.cxx: Don't even publish probe point families that are inappropriate for use in --unprivileged mode. (dwarf_derived_probe_*unprivileged*): Remove, to default to blanket no-permission rather than emit_process_owner_permission mode. * testsuite/semko/fortyeight.stp: New test.
author: Frank Ch. Eigler <fche@elastic.org> 2010-02-05 16:55:22 -0500
committer: Frank Ch. Eigler <fche@elastic.org> 2010-02-05 16:55:22 -0500
commit: 03d9fbb14c2f641e315be2419b70382bfd43f620 (patch)
tree: fe866bfcac9a4358f3f4e0c4402d114bf2da35a2 /tapset-mark.cxx
parent: 3cad5a57f0117dcb994b72db454b3fa1805e5dd5 (diff)
download: systemtap-steved-03d9fbb14c2f641e315be2419b70382bfd43f620.tar.gz
systemtap-steved-03d9fbb14c2f641e315be2419b70382bfd43f620.tar.xz
systemtap-steved-03d9fbb14c2f641e315be2419b70382bfd43f620.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/tapset-mark.cxx b/tapset-mark.cxx
index 6dbc55dc..4d873eed 100644
--- a/tapset-mark.cxx
+++ b/tapset-mark.cxx
@@ -714,6 +714,8 @@ mark_builder::build(systemtap_session & sess,
 void
 register_tapset_mark(systemtap_session& s)
 {
+  if (s.unprivileged) return;
+
   match_node* root = s.pattern_root;
   derived_probe_builder *builder = new mark_builder();
author	Frank Ch. Eigler <fche@elastic.org>	2010-02-05 16:55:22 -0500
committer	Frank Ch. Eigler <fche@elastic.org>	2010-02-05 16:55:22 -0500
commit	03d9fbb14c2f641e315be2419b70382bfd43f620 (patch)
tree	fe866bfcac9a4358f3f4e0c4402d114bf2da35a2 /tapset-mark.cxx
parent	3cad5a57f0117dcb994b72db454b3fa1805e5dd5 (diff)
download	systemtap-steved-03d9fbb14c2f641e315be2419b70382bfd43f620.tar.gz systemtap-steved-03d9fbb14c2f641e315be2419b70382bfd43f620.tar.xz systemtap-steved-03d9fbb14c2f641e315be2419b70382bfd43f620.zip