diff options
Diffstat (limited to 'runtime/staprun')
-rw-r--r-- | runtime/staprun/common.c | 1 | ||||
-rw-r--r-- | runtime/staprun/staprun.c | 18 | ||||
-rw-r--r-- | runtime/staprun/staprun.h | 1 | ||||
-rw-r--r-- | runtime/staprun/staprun_funcs.c | 29 |
4 files changed, 39 insertions, 10 deletions
diff --git a/runtime/staprun/common.c b/runtime/staprun/common.c index c67ce340..644dfa53 100644 --- a/runtime/staprun/common.c +++ b/runtime/staprun/common.c @@ -30,6 +30,7 @@ int need_uprobes; int daemon_mode; off_t fsize_max; int fnum_max; +int unprivileged_user = 0; /* module variables */ char *modname = NULL; diff --git a/runtime/staprun/staprun.c b/runtime/staprun/staprun.c index 42b72ff1..917990dc 100644 --- a/runtime/staprun/staprun.c +++ b/runtime/staprun/staprun.c @@ -16,7 +16,7 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * - * Copyright (C) 2005-2008 Red Hat, Inc. + * Copyright (C) 2005-2009 Red Hat, Inc. * */ @@ -139,11 +139,21 @@ static int enable_uprobes(void) static int insert_stap_module(void) { - char bufsize_option[128]; + char special_options[128]; + char *bufptr = special_options; - if (snprintf_chk(bufsize_option, 128, "_stp_bufsize=%d", buffer_size)) + /* Add the _stp_bufsize option. */ + if (snprintf_chk(bufptr, sizeof (special_options), "_stp_bufsize=%d", buffer_size)) return -1; - return insert_module(modpath, bufsize_option, modoptions); + + /* Add the _stp_unprivileged_user option. */ + bufptr += strlen (bufptr); + if (snprintf_chk(bufptr, + sizeof (special_options) - (bufptr - special_options), + " _stp_unprivileged_user=%d", unprivileged_user)) + return -1; + + return insert_module(modpath, special_options, modoptions); } static int remove_module(const char *name, int verb); diff --git a/runtime/staprun/staprun.h b/runtime/staprun/staprun.h index acc533b2..5159f1bd 100644 --- a/runtime/staprun/staprun.h +++ b/runtime/staprun/staprun.h @@ -166,6 +166,7 @@ extern int need_uprobes; extern int daemon_mode; extern off_t fsize_max; extern int fnum_max; +extern int unprivileged_user; /* getopt variables */ extern char *optarg; diff --git a/runtime/staprun/staprun_funcs.c b/runtime/staprun/staprun_funcs.c index 781bb999..1ebd124e 100644 --- a/runtime/staprun/staprun_funcs.c +++ b/runtime/staprun/staprun_funcs.c @@ -403,7 +403,6 @@ check_groups (void) perr("Unable to retrieve group list"); return -1; } - for (i = 0; i < ngids; i++) { /* If the user is a member of 'stapdev', then we're * done, since he can use staprun without any @@ -419,9 +418,10 @@ check_groups (void) if (gidlist[i] == stapusr_gid) gid = stapusr_gid; } - /* Not a member of stapusr? */ - if (gid != stapusr_gid) - return 0; + if (gid != stapusr_gid) { + unprivileged_user = 1; + return 0; + } } /* At this point the user is only a member of the 'stapusr' @@ -440,8 +440,9 @@ check_groups (void) * 1) root can do anything * 2) members of stapdev can do anything * 3) members of stapusr can load modules from /lib/modules/KVER/systemtap + * 4) anyone can load a module which has been signed by a trusted signer * - * It is only an error if all 3 levels of checking fail + * It is only an error if all 4 levels of checking fail * * Returns: -1 on errors, 0 on failure, 1 on success. */ @@ -480,6 +481,17 @@ int check_permissions(void) if (check_groups_rc == 1) return 1; + /* The user is an ordinary user. If the module has been signed with + * a "blessed" certificate and private key, then we will load it for + * anyone. */ +#if HAVE_NSS + if (check_signature_rc == MODULE_OK) + return 1; + assert (check_signature_rc == MODULE_UNTRUSTED || check_signature_rc == MODULE_CHECK_ERROR); +#endif + + /* We are an ordinary user and the module was not signed by a trusted + signer. */ err("ERROR: You are trying to run stap as a normal user.\n" "You should either be root, or be part of either " "group \"stapdev\" or group \"stapusr\".\n"); @@ -487,6 +499,11 @@ int check_permissions(void) err("Your system doesn't seem to have either group.\n"); check_groups_rc = -1; } +#if HAVE_NSS + err("Alternatively, your module must be signed by a trusted signer.\n" + "For more information, please consult the \"SAFETY AND SECURITY\" section of the \"stap(1)\" manpage\n"); +#endif - return check_groups_rc; + /* Combine the return codes. They are either 0 or -1. */ + return check_groups_rc | check_signature_rc; } |