# Compile server manager for systemtap
#
-# Copyright (C) 2008, 2009 Red Hat Inc.
+# Copyright (C) 2008-2010 Red Hat Inc.
#
# This file is part of systemtap, and is free software. You can
# redistribute it and/or modify it under the terms of the GNU General
# Initialize the environment
. ${PKGLIBEXECDIR}stap-env
+# PR11197: security prophylactics
+if [ -z "$STAP_PR11197_OVERRIDE" ]; then
+ # 1) reject use as root, except via a special environment variable
+ if [ `id -u` -eq 0 ]; then
+ echo "For security reasons, invocation of stap-server as root is not supported." 1>&2
+ exit 1
+ fi
+ # 2) ... etc ...
+fi
+
+
#-----------------------------------------------------------------------------
# Helper functions.
#-----------------------------------------------------------------------------
exec chmod 666 $logfile
# Try to find or start the server.
- set server_pid [exec stap-start-server --log=$logfile]
+ set server_pid [exec env STAP_PR11197_OVERRIDE=1 stap-start-server --log=$logfile]
if { "$server_pid" == "" } then {
print "Cannot start a systemtap server"
set server_pid 0