diff options
Diffstat (limited to 'runtime/staprun/staprun_funcs.c')
| -rw-r--r-- | runtime/staprun/staprun_funcs.c | 29 |
1 files changed, 23 insertions, 6 deletions
diff --git a/runtime/staprun/staprun_funcs.c b/runtime/staprun/staprun_funcs.c index c19dc3ba..ed7f4fc3 100644 --- a/runtime/staprun/staprun_funcs.c +++ b/runtime/staprun/staprun_funcs.c @@ -404,7 +404,6 @@ check_groups (void) perr("Unable to retrieve group list"); return -1; } - for (i = 0; i < ngids; i++) { /* If the user is a member of 'stapdev', then we're * done, since he can use staprun without any @@ -420,9 +419,10 @@ check_groups (void) if (gidlist[i] == stapusr_gid) gid = stapusr_gid; } - /* Not a member of stapusr? */ - if (gid != stapusr_gid) - return 0; + if (gid != stapusr_gid) { + unprivileged_user = 1; + return 0; + } } /* At this point the user is only a member of the 'stapusr' @@ -441,8 +441,9 @@ check_groups (void) * 1) root can do anything * 2) members of stapdev can do anything * 3) members of stapusr can load modules from /lib/modules/KVER/systemtap + * 4) anyone can load a module which has been signed by a trusted signer * - * It is only an error if all 3 levels of checking fail + * It is only an error if all 4 levels of checking fail * * Returns: -1 on errors, 0 on failure, 1 on success. */ @@ -481,6 +482,17 @@ int check_permissions(void) if (check_groups_rc == 1) return 1; + /* The user is an ordinary user. If the module has been signed with + * a "blessed" certificate and private key, then we will load it for + * anyone. */ +#if HAVE_NSS + if (check_signature_rc == MODULE_OK) + return 1; + assert (check_signature_rc == MODULE_UNTRUSTED || check_signature_rc == MODULE_CHECK_ERROR); +#endif + + /* We are an ordinary user and the module was not signed by a trusted + signer. */ err("ERROR: You are trying to run stap as a normal user.\n" "You should either be root, or be part of either " "group \"stapdev\" or group \"stapusr\".\n"); @@ -488,6 +500,11 @@ int check_permissions(void) err("Your system doesn't seem to have either group.\n"); check_groups_rc = -1; } +#if HAVE_NSS + err("Alternatively, your module must be compiled using the --unprivileged option and signed by a trusted signer.\n" + "For more information, please consult the \"SAFETY AND SECURITY\" section of the \"stap(1)\" manpage\n"); +#endif - return check_groups_rc; + /* Combine the return codes. They are either 0 or -1. */ + return check_groups_rc | check_signature_rc; } |