PR11197: prevent startup of stap-server as root

* stap-serverd: Block startup if whoami=root, unless magic
  environment variable is set.
* testsuite/lib/systemtap.exp: Set magic environment variable to
  override protection.

diff --git a/stap-serverd b/stap-serverd
index 4d8a10ceb9c0428f5356aca9d9fdbf7c453e36e4..fc186233fc2b6b2d4f2275621cf9325d8dc122a7 100755 (executable)
--- a/stap-serverd
+++ b/stap-serverd
@@ -2,7 +2,7 @@
 
 # Compile server manager for systemtap
 #
-# Copyright (C) 2008, 2009 Red Hat Inc.
+# Copyright (C) 2008-2010 Red Hat Inc.
 #
 # This file is part of systemtap, and is free software.  You can
 # redistribute it and/or modify it under the terms of the GNU General
@@ -19,6 +19,17 @@ trap 'terminate' SIGTERM SIGINT
 # Initialize the environment
 . ${PKGLIBEXECDIR}stap-env
 
+# PR11197: security prophylactics
+if [ -z "$STAP_PR11197_OVERRIDE" ]; then
+    # 1) reject use as root, except via a special environment variable
+    if [ `id -u` -eq 0 ]; then
+        echo "For security reasons, invocation of stap-server as root is not supported." 1>&2
+        exit 1
+    fi 
+    # 2) ... etc ...
+fi
+
+
 #-----------------------------------------------------------------------------
 # Helper functions.
 #-----------------------------------------------------------------------------

diff --git a/testsuite/lib/systemtap.exp b/testsuite/lib/systemtap.exp
index e0e01bcc298a8cf68933ffb00d37a465c1064ca0..031700813adca853a8494fbcd5c052a5467310d6 100644 (file)
--- a/testsuite/lib/systemtap.exp
+++ b/testsuite/lib/systemtap.exp
@@ -153,7 +153,7 @@ proc setup_server {} {
     exec chmod 666 $logfile
 
     # Try to find or start the server.
-    set server_pid [exec stap-start-server --log=$logfile]
+    set server_pid [exec env STAP_PR11197_OVERRIDE=1 stap-start-server --log=$logfile]
     if { "$server_pid" == "" } then {
        print "Cannot start a systemtap server"
        set server_pid 0