| Commit message | Author | Age | Files | Lines |
|
changes.
|
* runtime/staprun/staprun_funcs.c (assert_stap_module_permissions): Mark
parameters unused.
|
canonicalizing /lib/modules/KVER/systemtap.
|
limited to members of stapusr.
|
database.
|
Update comments to clearly explain the security issues involved.
|
messages within verify_it with the use of a 'module_name'
parameter passed in.
Add a comment in insert_module explaining why it's ok to
overwrite the 'path' parameter with the canonicalized path.
|
This allows insert_module to be used for loading the signed uprobes.ko
module.
Allow the use of $$parms and $$return in uprobes based probes for
unprivileged users.
Re-add management of module signatures in the cache. Don't know why
it was removed.
|
* staprun_funcs.c (assert_permissions): Move "check_signature_rc"
variable inside #if HAVE_NSS.
|
Pending advice from Frank and Dave, changed check_permission to return void and
renamed it to assert_permission. assert_permission simply returns if
permissions are okay, and calls exit(-1) if there are any permissions errors.
|
check_permissions.
|
* modverify.c (staprun.h): #include it.
(verify_it): Now accepts module data and signature data as arguments.
Don't open and read the signature here. Don't read the module here.
(verify_module): Now accepts module data as argument. Read the signature
once here.
* modverify.h (verify_module): Now accepts module data as argument.
* staprun.c (main): Don't call check_permissions here.
* staprun.h (check_permissions): Prototype removed.
* staprun_funcs.c (check_permissions): Now static. Accepts module data
as argument. Pass module data to check_signature.
(insert_module): Canonicalize the module path early here. Call
check_permissions here, passing it the mapped module data.
(check_signature): Now accepts module data as argument. Pass the module
data to verify_module.
(check_path): Use the already-canonicalized module path.
|
* runtime/staprun/staprun_funcs.c (check_permissions): Declare
check_signature_rc outside HAVE_NSS block.
Signed-off-by: Mark Wielaard <mjw@redhat.com>
|
Conflicts:
cache.cxx
|
* cache.cxx (add_to_cache,clean_cache): add static markers
* main.cxx (main): likewise
* runtime/staprun/common.c (send_request): likewise
* runtime/staprun/mainloop.c (stp_main_loop): likewise
* runtime/staprun/staprun.c (remove_module): likewise
* runtime/staprun/staprun.h: include sdt.h
* runtime/staprun/staprun_funcs.c (insert_module): likewise
* util.cxx (stap_system): likewise
* tapset/stap_staticmarkers.stp: new file
|
Don't generate an error message for unsigned modules.
Make sure module signature exists before attempting to copy to the cache.
Allow timer probes for unprivileged users.
|
This is needed for run-stap so that stapio and all child processes can
run as the originally invoking user instead of root.
|
HAVE_NSS related compile time warning.
|
Conflicts:
modsign.cxx
runtime/staprun/modverify.c
runtime/staprun/staprun_funcs.c
stap-authorize-server-cert
stap-authorize-signing-cert
stap-serverd
systemtap.spec
|
* translate.cxx (c_unparser::emit_unprivileged_user_check): Generate
code to check _stp_unprivileged_user.
* testsuite/lib/systemtap.exp (setup_server): Copy stap-env to $net_path.
* runtime/transport/transport.c: Set up _stp_unprivileged_user.
* runtime/staprun/staprun_funcs.c (check_signature): Distinguish among
verification failure due to errors, tampering, untrusted signer.
(check_permissions): Likewise.
(check_groups): Set unprivileged_user.
* runtime/staprun/staprun.c (insert_stap_module): Set _stp_unprivileged_user.
* runtime/staprun/modverify.h (MODULE_OK): #define it.
(MODULE_UNTRUSTED,MODULE_CHECK_ERROR,MODULE_ALTERED): Likewise.
* runtime/staprun/modverify.c (modverify.h): #include it.
(verify_it): Distinguish among verification failure due to errors,
tampering, untrusted signer.
(verify_module): Likewise.
* runtime/staprun/common.c (unprivileged_user): Define it.
* runtime/staprun/staprun.h (unprivileged_user): Declare it.
* cache.cxx (get_from_cache): Get the module signature file.
* stap-authorize-server-cert: Source `dirname $0`/stap-env.
* stap-authorize-signing-cert: Likewise.
* stap-client: Likewise.
* stap-find-or-start-server: Likewise.
* stap-find-servers: Likewise.
* stap-gen-cert: Likewise.
* stap-server: Likewise.
* stap-serverd: Likewise.
* stap-start-server: Likewise.
|
Conflicts:
Makefile.in
|
* runtime/staprun/staprun_funcs.c (check_path): Save fully
canonicalized and checked module path for later loading.
|
* util.cxx (remove_file_or_dir): New function.
* util.h (remove_file_or_dir): New function.
* systemtap.spec (stap): Add stap-env, stap-gen-cert, stap-authorize-cert,
and stap-authorize-signing-cert.
(stap-client): Remove stap-find-or-start-server, stap-add-server-cert.
Add stap-authorize-server-cert.
(stap-server): Add stap-find-servers, stap-find-or-start-server,
stap-authorize-server-cert. Remove stap-gen-server-cert.
* stap-find-servers: Source stap-env. Use $stap_avahi_service_tag.
(initialization): Set timeout to 10.
(find_servers): Run avahi-browse in the background and wait for it.
Use a temp file for the output of avahi-browse. Kill avahi-browse if
the timeout expires.
(match_server): Set read timeout.
(fatal): New function.
* stap-find-or-start-server: Source stap-env. Use $stap_exec_prefix. Always
exit with 0.
* stap-start-server: Source stap-env. Check for the server PID as a running
process and for avahi-publish-service running as a child in order to
verify that the server is ready.
* stap-add-server-cert: Renamed to stap-authorize-server-cert. Source
stap-env. Call stap-authorize-cert.
* stap-client: Source stap-env. Use $stap_user_ssl_db and
$stap_root_ssl_db. Use $stap_tmpdir_prefix_client,
$stap_tmpdir_prefix_server. Use $stap_exec_prefix.
(configuration): Removed.
(staprun_running): Removed.
(interrupt): Don't kill staprun.
* stap-server: Source stap-env. Use $stap_user_ssl_db and
$stap_root_ssl_db. Use $stap_tmpdir_prefix_client,
$stap_tmpdir_prefix_server. Use $stap_exec_prefix.
(configuration): Removed.
* session.h (systemtap_session): Add cert_db_path.
* runtime/staprun/staprun_funcs.c (config.h): #include it.
(modverify.h): #include it.
(check_signature): New function.
(check_groups): New function extracted from check_permissions.
(check_permissions): Call check_groups and check_signature.
* runtime/staprun/mainloop.c (cleanup_and_exit): Pass modpath to staprun,
not modname.
* main.cxx (main): Initialize cert_db_path. Handle LONG_OPT_SIGN_MODULE.
Save the module signature if the module was signed and is being saved.
(LONG_OPT_SIGN_MODULE): #define it.
(long_options): Add --sign-module.
* cache.cxx (config.h): #include it.
(add_to_cache): Add the module signature file to the cache if the module
has been signed.
* buildrun.cxx (modsign.h): #include it.
(compile_pass): Call sign_module, if requested.
* configure.ac: Define HAVE_NSS if NSS libraries are available.
* Makefile.am (AM_CPPFLAGS): Add -DSYSCONFDIR.
(bin_SCRIPTS): Add stap-env, stap-gen-cert, stap-authorize-cert,
stap-authorize-signing-cert, stap-authorize-server-cert. Remove
stap-gen-server-cert, stap-add-server-cert.
(stap_SOURCES): Add nsscommon.c, modsign.cxx
(stap_CPPFLAGS): Add $(nss_CFLAGS), $(nspr_CFLAGS).
(stap_LDADD): Add -lnss3.
(staprun_SOURCES): Add nsscommon.c.
* modsign.cxx: New file.
* modsign.h: New file.
* nsscommon.c: New file.
* nsscommon.h: New file.
* runtime/staprun/modverify.c: New file.
* runtime/staprun/modverify.h: New file.
* stap-authorize-cert: New file.
* stap-authorize-signing-cert: New file.
* stap-env: New file.
* Makefile.in: Regenerated.
* aclocal.m4: Regenerated.
* config.in: Regenerated.
* configure: Regenerated.
* doc/Makefile.in: Regenerated.
* doc/SystemTap_Tapset_Reference/Makefile.in: Regenerated.
* testsuite/Makefile.in: Regenerated.
* testsuite/aclocal.m4: Regenerated.
|
2008-09-18 David Smith <dsmith@redhat.com>
PR 6903.
* staprun_funcs.c (check_permissions): Instead of checking the
effective uid, check the real uid for root permissions.
|
* staprun_funcs.c (check_path): Small security fix.
|
Thanks to Jim for fixing typos and grammar.
|
* symbols.c (send_module): Simplify and use new send_data() function to keep
longword alignment.
|
Changes to separate the symbols from the command channel.
* cap.c (init_cap): Add CAP_DAC_OVERRIDE.
* staprun.h: Change init_ctl_channel prototype.
* ctl.c (init_ctl_channel): Modify to open either
a command or symbol channel. Use ".cmd" and ".symbols"
as the new names.
* mainloop.c (init_stapio): Call init_ctl_channel(0);
* staprun.c (cleanup): Call stop_symbol_thread().
(main): Call start_symbol_thread().
* staprun_funcs.c (handle_symbols): Make a thread.
(start_symbol_thread): New.
(stop_symbol_thread): New.
|
* main.cxx: Add pass 4.5: make uprobes.ko in runtime/uprobes
* buildrun.cxx: Add uprobes_enabled() and make_uprobes().
Factor run_make_cmd() out of compile_pass().
* buildrun.h: Add uprobes_enabled and make_uprobes decls.
* tapsets.cxx: Do correct #include for modprobed uprobes.ko;
set need_uprobes in pass 2.
* session.h: Add need_uprobes
* runtime/staprun/common.c: Add -u option -> need_uprobes
* runtime/staprun/staprun_funcs.c: Generalize insert_module()
to support inserting uprobes.ko.
* runtime/staprun/staprun.c: Add enable_uprobes(). insert_module
call becomes insert_stap_module().
* runtime/staprun/staprun.h: Reflect insert_module() and
need_uprobes changes
* runtime/uprobes/*.[c,h]: uprobes is built as a module,
rather than included into the source of the stap-generated
module.
* runtime/uprobes/Makefile: Added
|
Merge from setuid-branch. Changes also by Martin Hunt
<hunt@redhat.com>.
* staprun.c (init_staprun): Drop CAP_SYS_ADMIN when we're done
with it.
(main): Calls parse_modpath instead of path_parse_modname. Just
call parse_modpath with argv[optind]. Let it allocate and set
modpath and modname. If no modulename was given, display usage
and exit. Drop CAP_SYS_NICE when we're done with it. Set
atexit(exit_cleanup) so cleanup always gets called and modules get
removed. Call handle_symbols.
(run_stapio): Set argv[0] to stapio so that it executes as itself
instead of staprun.
(cleanup): Only do cleanups once and only try to remove module
when appropriate.
(exit_cleanup): New. Calls cleanup().
(mountfs): Sets uid to root before making directory and then
restores uid.
(setup_ctl_channel): Uses DEBUGFS define and improved
error message.
(setup_relayfs): Ditto.
(setup_oldrelayfs): Uses DEBUGFS and RELAYFS defines.
(run_stp_check): Replaced by mountfs().
(mountfs): New function. Replaces an external script with C code.
(init_staprun): Calls mountfs() instead of run_stp_check().
* staprun.h: Renamed path_parse_modname to parse_modpath. Added
MODULE_NAME_LEN define. Added [_][p]err macros. Removed
VERSION_CMD.
* mainloop.c (cleanup_and_exit): Make sure initialized is 2
before exiting with code 2.
(stp_main_loop): Set initialized to 2 when STP_TRANSPORT
is received. Call cleanup_and_exit() with proper status.
(start_cmd): exit 1 instead of -1.
(system_cmd): Ditto.
(init_staprun): Renamed init_stapio.
(cleanup_and_exit): Set exit status.
* cap.c: New file.
* common.c: New file.
* stapio.c: New file.
* staprun_funcs.c: New file.
* Makefile: Removed.
* symbols.c (get_sections): Move the filter code up so that
uninteresting section names are filtered out before
attempting to open them.
(do_kernel_symbols): Better detect overflow conditions and realloc
new space.
(do_module): After sending all modules, send a null message to
indicate we are finished.
* ctl.c (init_ctl_channel): When attempting to attach, if the
control channel doesn't exist, print a better error message.
* relay_old.c (init_oldrelayfs): Errors out if
open_relayfs_files() couldn't open any files.
PR 4795
* mainloop.c (send_request): Fixed buffer overflow check.
* staprun.h: Added buffer overflow checking versions of
strcpy/sprintf/snprintf.
* common.c (path_parse_modname): Checks for overflows on
strcpy/sprintf/snprintf.
(read_buffer_info): Ditto.
* ctl.c (init_ctl_channel): Ditto.
* relay.c (init_relayfs): Ditto.
* relay_old.c (open_relayfs_files): Ditto.
(init_oldrelayfs): Ditto.
* staprun_funcs.c (insert_module): Ditto.
(check_path): Ditto.
* symbols.c (get_sections): Ditto.
|