diff options
Diffstat (limited to 'tapset-utrace.cxx')
| -rw-r--r-- | tapset-utrace.cxx | 42 |
1 files changed, 36 insertions, 6 deletions
diff --git a/tapset-utrace.cxx b/tapset-utrace.cxx index 4e98fbf6..b731293c 100644 --- a/tapset-utrace.cxx +++ b/tapset-utrace.cxx @@ -60,6 +60,9 @@ struct utrace_derived_probe: public derived_probe bool hp, string &pn, int64_t pd, enum utrace_derived_probe_flags f); void join_group (systemtap_session& s); + + void emit_unprivileged_assertion (translator_output*); + void print_dupe_stamp(ostream& o); }; @@ -198,6 +201,35 @@ utrace_derived_probe::join_group (systemtap_session& s) void +utrace_derived_probe::emit_unprivileged_assertion (translator_output* o) +{ + // Process end probes are allowed for unprivileged users, even if the process + // does not belong to them. They are required to check is_myproc() from within + // their probe script before doing anything "dangerous". + if (flags == UDPF_END) + return; + + // Other process probes are allowed for unprivileged users, but only in the + // context of processes which they own. + emit_process_owner_assertion (o); +} + +void +utrace_derived_probe::print_dupe_stamp(ostream& o) +{ + // Process end probes are allowed for unprivileged users, even if the process + // does not belong to them. They are required to check is_myproc() from within + // their probe script before doing anything "dangerous". + // Other process probes are allowed for unprivileged users, but only in the + // context of processes which they own. + if (flags == UDPF_END) + print_dupe_stamp_unprivileged (o); + else + print_dupe_stamp_unprivileged_process_owner (o); +} + + +void utrace_var_expanding_visitor::visit_target_symbol_cached (target_symbol* e) { // Get the full name of the target symbol. @@ -627,6 +659,10 @@ struct utrace_builder: public derived_probe_builder has_path, path, pid, flags)); } + + // No action required. These probes are allowed for unprivileged users. + virtual void check_unprivileged (const systemtap_session & sess, + const literal_map_t & parameters) {} }; @@ -1054,22 +1090,16 @@ register_tapset_utrace(systemtap_session& s) for (unsigned i = 0; i < roots.size(); ++i) { roots[i]->bind(TOK_BEGIN) - ->allow_unprivileged() ->bind(builder); roots[i]->bind(TOK_END) - ->allow_unprivileged() ->bind(builder); roots[i]->bind(TOK_THREAD)->bind(TOK_BEGIN) - ->allow_unprivileged() ->bind(builder); roots[i]->bind(TOK_THREAD)->bind(TOK_END) - ->allow_unprivileged() ->bind(builder); roots[i]->bind(TOK_SYSCALL) - ->allow_unprivileged() ->bind(builder); roots[i]->bind(TOK_SYSCALL)->bind(TOK_RETURN) - ->allow_unprivileged() ->bind(builder); } } |