1 files changed, 33 insertions, 0 deletions

diff --git a/translate.cxx b/translate.cxx
index 3fa8857b..b704b3a6 100644
--- a/translate.cxx
+++ b/translate.cxx
@@ -66,6 +66,7 @@ struct c_unparser: public unparser, public visitor
   void emit_global_init (vardecl* v);
   void emit_global_param (vardecl* v);
   void emit_functionsig (functiondecl* v);
+  void emit_unprivileged_user_check ();
   void emit_module_init ();
   void emit_module_exit ();
   void emit_function (functiondecl* v);
@@ -1087,6 +1088,29 @@ c_unparser::emit_functionsig (functiondecl* v)
 }
 
 
+void
+c_unparser::emit_unprivileged_user_check ()
+{
+  // If the --unprivileged option was specified then the module
+  // will be safe for unprivileged users, if it is successfully generated,
+  // so no check need be emitted.
+  if (session->unprivileged)
+    return;
+
+  // Otherwise, generate code to check whether the user is unprivileged.
+  // If so, then generate an error and indicate that the check has failed.
+  o->newline();
+  o->newline() << "static int systemtap_unprivileged_user_check (void) {";
+  o->newline(1) << "if (! _stp_unprivileged_user)";
+  o->newline(1) << "return 0;";
+
+  o->newline(-1) << "_stp_error (\"You are attempting to run stap as an ordinary user.\");";
+  o->newline() << "_stp_error (\"Your module must be compiled using the --unprivileged option.\");";
+  o->newline() << "return 1;";
+
+  o->newline(-1) << "}\n";
+}
+
 
 void
 c_unparser::emit_module_init ()
@@ -1131,6 +1155,12 @@ c_unparser::emit_module_init ()
   o->newline() << "if (_stp_module_check()) rc = -EINVAL;";
 
   o->newline(-1) << "}";
+
+  if (! session->unprivileged) {
+    // Check whether the user is unprivileged.
+    o->newline() << "if (systemtap_unprivileged_user_check ()) rc = -EINVAL;";
+  }
+
   o->newline() << "if (rc) goto out;";
 
   o->newline() << "(void) probe_point;";
@@ -5107,6 +5137,9 @@ translate_pass (systemtap_session& s)
       s.op->assert_0_indent();
 
       s.op->newline();
+      s.up->emit_unprivileged_user_check ();
+      s.op->assert_0_indent();
+      s.op->newline();
       s.up->emit_module_init ();
       s.op->assert_0_indent();
       s.op->newline();