Diffstat (limited to 'runtime')
-rw-r--r--runtime/addr-map.c4
-rw-r--r--runtime/print.c12
-rw-r--r--runtime/runtime.h28
3 files changed, 42 insertions, 2 deletions
diff --git a/runtime/addr-map.c b/runtime/addr-map.c
index a9aa8d88..35de7a64 100644
--- a/runtime/addr-map.c
+++ b/runtime/addr-map.c
@@ -115,6 +115,10 @@ lookup_bad_addr(unsigned long addr, size_t size)
return 1;
#ifndef STP_PRIVILEGED
+ /* Unprivileged users must not access memory while the context
+ does not refer to their own process. */
+ if (! is_myproc ())
+ return 1;
/* Unprivileged users must not access kernel space memory. */
if (addr + size > TASK_SIZE)
return 1;
diff --git a/runtime/print.c b/runtime/print.c
index 945f7a72..335403fb 100644
--- a/runtime/print.c
+++ b/runtime/print.c
@@ -225,7 +225,11 @@ static void _stp_print_kernel_info(char *vstr, int ctx, int num_probes)
#ifdef DEBUG_MEM
"+alloc"
#endif
- ", probes: %d\n",
+ ", probes: %d"
+#ifndef STP_PRIVILEGED
+ ", unpriv-uid: %d"
+#endif
+ "\n",
THIS_MODULE->name,
vstr,
#ifndef STAPCONF_GRSECURITY
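Review bot: The new `", unpriv-uid: %d"` fragment and its `_stp_uid` argument (added in the next hunk of this function) sit under two separate `#ifndef STP_PRIVILEGED` guards, so the format string and the argument list can drift apart if only one guard is edited later. A comment on each guard naming its partner would make the pairing explicit, e.g. `/* keep in sync with the STP_PRIVILEGED guard in the argument list below */`. The type of `_stp_uid` is not visible in this diff; if it is an unsigned uid type, `%u` would be the matching conversion. The body of `_stp_print_kernel_info` starts outside this hunk.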
@@ -242,7 +246,11 @@ static void _stp_print_kernel_info(char *vstr, int ctx, int num_probes)
#ifdef DEBUG_MEM
_stp_allocated_memory - _stp_allocated_net_memory,
#endif
- num_probes);
+ num_probes
+#ifndef STP_PRIVILEGED
+ , _stp_uid
+#endif
+ );
}
/** @} */
diff --git a/runtime/runtime.h b/runtime/runtime.h
index 064ded7b..7087d435 100644
--- a/runtime/runtime.h
+++ b/runtime/runtime.h
@@ -54,6 +54,32 @@ static void _stp_warn (const char *fmt, ...) __attribute__ ((format (printf, 1,
static void _stp_exit(void);
+
+
+/* unprivileged user support */
+
+#ifdef STAPCONF_TASK_UID
+#define STP_CURRENT_EUID (current->euid)
+#else
+#define STP_CURRENT_EUID (task_euid(current))
+#endif
+
+#define is_myproc() (STP_CURRENT_EUID == _stp_uid)
+
+#ifndef STP_PRIVILEGED
+#define assert_is_myproc() do { \
+ if (! is_myproc()) { \
+ snprintf (CONTEXT->error_buffer, MAXSTRINGLEN, "semi-privileged tapset function called without is_myproc checking for pid %d (euid %d)", \
+ current->tgid, STP_CURRENT_EUID); \
+ CONTEXT->last_error = CONTEXT->error_buffer; \
+ goto out; \
+ } } while (0)
+#else
+#define assert_is_myproc() do {} while (0)
+#endif
+
+
+
#include "debug.h"
/* atomic globals */
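Review bot: `is_myproc()` compares only the effective uid of `current` with `_stp_uid`, so a process that started with other credentials and has switched its euid to the script owner's uid still passes, even though its memory may hold data from its privileged phase. The kernel's own ptrace access check is stricter (it looks at the real, effective and saved ids and at dumpability); consider matching that, or at least state the chosen boundary above the macro, e.g. `/* euid-only match: a process that changed credentials to this uid counts as the user's own */`. This macro is the gate for the new check in `lookup_bad_addr` in runtime/addr-map.c, so the same limit applies to that hunk. Separately, `assert_is_myproc()` expands to `goto out` and writes through `CONTEXT`, so it only compiles in functions that provide both; a one-line comment saying so would spare callers a confusing build error.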
@@ -106,6 +132,8 @@ static struct
#endif
#include "addr-map.c"
+
+
/* Support functions for int64_t module parameters. */
static int param_set_int64_t(const char *val, struct kernel_param *kp)
{