diff options
| author | Dave Brolley <brolley@redhat.com> | 2009-04-14 12:33:28 -0400 |
|---|---|---|
| committer | Dave Brolley <brolley@redhat.com> | 2009-04-14 12:33:28 -0400 |
| commit | a2422e707214a425e4e10ac5b7c39fc5ae4dea56 (patch) | |
| tree | 01bb7e3524498acb351dd5d95cb15a2ace605da7 /translate.cxx | |
| parent | 2f7ba4b8416eae26971da68fdc14aa8560a7939c (diff) | |
| download | systemtap-steved-a2422e707214a425e4e10ac5b7c39fc5ae4dea56.tar.gz systemtap-steved-a2422e707214a425e4e10ac5b7c39fc5ae4dea56.tar.xz systemtap-steved-a2422e707214a425e4e10ac5b7c39fc5ae4dea56.zip | |
2009-04-14 Dave Brolley <brolley@redhat.com>
* translate.cxx (c_unparser::emit_unprivileged_user_check): Generate
code to check _stp_unprivileged_user.
* testsuite/lib/systemtap.exp (setup_server): Copy stap-env to $net_path.
* runtime/transport/transport.c: Set up _stp_unprivileged_user.
* runtime/staprun/staprun_funcs.c (check_signature): Distiguish among
verification failure due to errors, tampering, untrusted signer.
(check_permissions): Likewise.
(check_groups): Set unprivileged_user.
* runtime/staprun/staprun.c (insert_stap_module): Set _stp_unprivileged_user.
* runtime/staprun/modverify.h (MODULE_OK): #define it.
(MODULE_UNTRUSTED,MODULE_CHECK_ERROR,MODULE_ALTERED): Likewise.
* runtime/staprun/modverify.c (modverify.h): #include it.
(verify_it): Distiguish among verification failure due to errors,
tampering, untrusted signer.
(verify_module): Likewise.
* runtime/staprun/common.c (unprivileged_user): Define it.
* runtime/staprun/staprun.h (unprivileged_user): Declare it.
* cache.cxx (get_from_cache): Get the module signature file.
* stap-authorize-server-cert: Source `dirname $0`/stap-env.
* stap-authorize-signing-cert: Likewise.
* stap-client: Likewise.
* stap-find-or-start-server: Likewise.
* stap-find-servers: Likewise.
* stap-gen-cert: Likewise.
* stap-server: Likewise.
* stap-serverd: Likewise.
* stap-start-server: Likewise.
Diffstat (limited to 'translate.cxx')
| -rw-r--r-- | translate.cxx | 19 |
1 files changed, 5 insertions, 14 deletions
diff --git a/translate.cxx b/translate.cxx index 1a86dcd2..95986924 100644 --- a/translate.cxx +++ b/translate.cxx @@ -1097,26 +1097,17 @@ c_unparser::emit_unprivileged_user_check () if (session->unprivileged) return; - // Otherwise, generate code to check the user or group. If the user is not - // root or a member of stapdev or stapusr, then generate an error and - // unload the module. + // Otherwise, generate code to check whether the user is unprivileged. + // If so, then generate an error and indicate that the check has failed. o->newline(); o->newline() << "static int systemtap_unprivileged_user_check (void) {"; -#if 0 - o->newline(1) << "if (_stp_uid == 0)"; - o->newline(1) << "return 0;"; - o->newline(-1) << "stgr = getgrnam(\"stapdev\");"; - o->newline() << "if (stgr != NULL && _stp_gid == stgr->gr_gid)"; - o->newline(1) << "return 0;"; - o->newline(-1) << "stgr = getgrnam(\"stapusr\");"; - o->newline() << "if (stgr != NULL && _stp_gid == stgr->gr_gid)"; + o->newline(1) << "if (! _stp_unprivileged_user)"; o->newline(1) << "return 0;"; + o->newline(-1) << "_stp_error (\"You are attempting to run stap as an ordinary user.\");"; o->newline() << "_stp_error (\"Your module must be compiled using the --unprivileged option.\");"; o->newline() << "return 1;"; -#else - o->newline(1) << "return 0;"; -#endif + o->newline(-1) << "}\n"; } |