From 88e8da383e47adafc9e75c4f10aecd0ce4ad959f Mon Sep 17 00:00:00 2001 From: Dave Brolley Date: Wed, 22 Apr 2009 11:57:00 -0400 Subject: 2009-04-22 Dave Brolley * elaborate.h (unprivileged_whitelist): Removed. (unprivileged_ok): New member of match_node. (allow_unprivileged,unprivileged_allowed): New methods of match_node. * elaborate.cxx (match_node): Initialize unprivileged_ok. Remove initialization of unprivileged_whitelist. (allow_unprivileged,unprivileged_allowed): New methods of match_node. (matchnode::find_and_build): Remove check of unprivileged_whitelist. Call unprivileged_allowed. * tapsets.cxx (dwarf_derived_probe::register_function_and_statement_variants): New parameter: unprivileged_ok. (dwarf_derived_probe::register_function_variants): Likewise. (dwarf_derived_probe::register_statement_variants): Likeiwse. (register_standard_tapsets): Call allow_unprivileged for nodes which are safe for unprivileged users. --- elaborate.cxx | 40 +++++++++++++++++++++------------------- 1 file changed, 21 insertions(+), 19 deletions(-) (limited to 'elaborate.cxx') diff --git a/elaborate.cxx b/elaborate.cxx index b5d6046b..a1c2e652 100644 --- a/elaborate.cxx +++ b/elaborate.cxx @@ -261,9 +261,8 @@ match_key::globmatch(match_key const & other) const // ------------------------------------------------------------------------ match_node::match_node() - : end(NULL) + : end(NULL), unprivileged_ok (false) { - unprivileged_whitelist.push_back ("process"); } match_node * @@ -306,6 +305,18 @@ match_node::bind_num(string const & k) return bind(match_key(k).with_number()); } +match_node* +match_node::allow_unprivileged (bool b) +{ + unprivileged_ok = b; + return this; +} + +bool +match_node::unprivileged_allowed () const +{ + return unprivileged_ok; +} void match_node::find_and_build (systemtap_session& s, @@ -313,23 +324,6 @@ match_node::find_and_build (systemtap_session& s, vector& results) { assert (pos <= loc->components.size()); - - // If we are in --unprivileged mode, exclude all "unsafe" probes. - if (s.unprivileged && pos == 0) - { - unsigned i; - for (i = 0; i < unprivileged_whitelist.size(); i++) - { - if (unprivileged_whitelist[i] == loc->components[pos]->functor) - break; - } - if (i == unprivileged_whitelist.size()) { - throw semantic_error (string("probe class ") + - loc->components[pos]->functor + - " is not allowed for unprivileged users"); - } - } - if (pos == loc->components.size()) // matched all probe point components so far { derived_probe_builder *b = end; // may be 0 if only nested names are bound @@ -350,6 +344,14 @@ match_node::find_and_build (systemtap_session& s, param_map[loc->components[i]->functor] = loc->components[i]->arg; // maybe 0 + // Are we compiling for unprivileged users? */ + if (s.unprivileged) + { + // Is this probe point ok for unprivileged users? + if (! unprivileged_allowed ()) + throw semantic_error (string("probe point is not allowed for unprivileged users")); + } + b->build (s, p, loc, param_map, results); } else if (isglob(loc->components[pos]->functor)) // wildcard? -- cgit