From 2ab8398f875cbd8eff11cecc7a7abd65ffcb4f4c Mon Sep 17 00:00:00 2001
From: Dave Brolley
Date: Tue, 15 Dec 2009 11:13:13 -0500
Subject: Don't automatically authorize new root certificates as trusted signers.
---
 modsign.cxx | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)
(limited to 'modsign.cxx')
diff --git a/modsign.cxx b/modsign.cxx
index 0965b923..326534ce 100644
--- a/modsign.cxx
+++ b/modsign.cxx
@@ -49,20 +49,12 @@ using namespace std;
 */
 static int init_cert_db_path (const string &cert_db_path) {
- int rc, rc1;
+ int rc;
 // Generate the certificate and database.
 string cmd = BINDIR "/stap-gen-cert " + cert_db_path;
 rc = system (cmd.c_str ()) == 0;
- // If we are root, authorize the new certificate as a trusted
- // signer. It is not an error if this fails.
- if (geteuid () == 0)
- {
- cmd = BINDIR "/stap-authorize-signing-cert " + cert_db_path + "/stap.cert";
- rc1 = system (cmd.c_str ());
- }
-
 return rc;
 }
--
cgit
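Review bot: The `system (cmd.c_str ())` call that remains in `init_cert_db_path` still builds its shell command by concatenating `cert_db_path` unquoted, so a path containing spaces or shell metacharacters is split or interpreted by the shell. The removed `geteuid () == 0` branch shows this function can run as root, so this is worth closing even though the origin of the path is not visible in the hunk. I would start `stap-gen-cert` directly with an argument vector, keeping the existing convention that `rc` is non-zero on success. The sketch below needs `<spawn.h>` and `<sys/wait.h>`, and assumes the helper is directly executable. The function's doc comment begins above the hunk, so whether it documents that return convention cannot be checked from here.

```cpp
  // … unchanged: int rc; …

  // Generate the certificate and database. The helper is started directly,
  // without a shell, so cert_db_path always arrives as a single argument.
  const char *gen_cert = BINDIR "/stap-gen-cert";
  char *const argv[] = { const_cast<char *> (gen_cert),
                         const_cast<char *> (cert_db_path.c_str ()),
                         NULL };
  pid_t pid;
  int status;
  rc = posix_spawn (&pid, gen_cert, NULL, NULL, argv, environ) == 0
       && waitpid (pid, &status, 0) == pid
       && WIFEXITED (status) && WEXITSTATUS (status) == 0;

  // … unchanged: return rc; …
```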