From 8f6d8c2bd3e5c1d2881e2ebe1c7ad5deb389e581 Mon Sep 17 00:00:00 2001
From: Dave Brolley <brolley@redhat.com>
Date: Tue, 13 Oct 2009 11:52:22 -0400
Subject: Ensure that unprivileged-authorized probe point functions are hashed
 differently than non-authorized ones for the purpose of removing duplicates.

2009-10-13  Dave Brolley  <brolley@redhat.com>

        * elaborate.h (print_dupe_stamp_unprivileged): New static method
        of derived_probe.
        (print_dupe_stamp_unprivileged_process_owner): Likewise.

        * elaborate.cxx (print_dupe_stamp_unprivileged): New static method
        of derived_probe.
        (print_dupe_stamp_unprivileged_process_owner): Likewise.

        * tapset-been.cxx (print_dupe_stamp): New virtual method of be_derived_p
robe
        and never_derived_probe.

        * tapset-utrace.cxx (print_dupe_stamp): New virtual method of utrace_der
ived_probe

        * tapset-itrace.cxx (itrace_derived_probe::emit_unprivileged_assertion):
 Removed.
        (itrace_builder::check_unprivileged): Removed.

        * tapsets.cxx (print_dupe_stamp): New virtual method of uprobe_derived_p
robe
---
 tapset-utrace.cxx | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'tapset-utrace.cxx')

diff --git a/tapset-utrace.cxx b/tapset-utrace.cxx
index 819a2d87..a8500493 100644
--- a/tapset-utrace.cxx
+++ b/tapset-utrace.cxx
@@ -62,6 +62,7 @@ struct utrace_derived_probe: public derived_probe
   void join_group (systemtap_session& s);
 
   void emit_unprivileged_assertion (translator_output*);
+  void print_dupe_stamp(ostream& o);
 };
 
 
@@ -210,6 +211,20 @@ utrace_derived_probe::emit_unprivileged_assertion (translator_output* o)
   emit_process_owner_assertion (o);
 }
 
+void
+utrace_derived_probe::print_dupe_stamp(ostream& o)
+{
+  // Process end probes are allowed for unprivileged users, even if the process
+  // does not belong to them. They are required to check is_myproc() from within
+  // their probe script before doing anything "dangerous".
+  // Other process probes are allowed for unprivileged users, but only in the
+  // context of processes which they own.
+  if (flags == UDPF_END)
+    print_dupe_stamp_unprivileged (o);
+  else
+    print_dupe_stamp_unprivileged_process_owner (o);
+}
+
 
 void
 utrace_var_expanding_visitor::visit_target_symbol_cached (target_symbol* e)
-- 
cgit