From 3e6b1e441a3a9ac6d8232265caa358b4b6ad00bf Mon Sep 17 00:00:00 2001
From: Dave Brolley <brolley@redhat.com>
Date: Thu, 12 Nov 2009 10:23:59 -0500
Subject: [PATCH] Relax restrictions on ownership and access permissions of
 signer's cert database.

---
 modsign.cxx                     | 7 +++++++
 runtime/staprun/staprun_funcs.c | 1 +
 2 files changed, 8 insertions(+)

diff --git a/modsign.cxx b/modsign.cxx
index a73386e37..1fc4ef324 100644
--- a/modsign.cxx
+++ b/modsign.cxx
@@ -69,6 +69,7 @@ check_cert_file_permissions (
 
   rc = 1; // ok
 
+#if 0 // these checks are probably overkill
   // We must be the owner of the file.
   if (info.st_uid != euid)
     {
@@ -111,6 +112,8 @@ check_cert_file_permissions (
       cerr << "Certificate file " << cert_file << " must not be executable by others" << "."  << endl;
       rc = 0;
     }
+#endif // these checks are probably overkill
+
 
   return rc;
 }
@@ -141,6 +144,7 @@ check_db_file_permissions (
 
   rc = 1; // ok
 
+#if 0 // these checks are probably overkill
   // We must be the owner of the file.
   if (info.st_uid != euid)
     {
@@ -189,6 +193,7 @@ check_db_file_permissions (
       cerr << "Certificate database file " << cert_db_file << " must not be executable by others" << "."  << endl;
       rc = 0;
     }
+#endif // these checks are probably overkill
 
   return rc;
 }
@@ -220,6 +225,7 @@ check_cert_db_permissions (const string &cert_db_path) {
   // We must be the owner of the database.
   euid = geteuid ();
   pw = getpwuid (euid);
+#if 0 // these checks are probably overkill
   if (! pw)
     {
       cerr << "Unable to obtain current user information which checking certificate database "
@@ -259,6 +265,7 @@ check_cert_db_permissions (const string &cert_db_path) {
     }
   if ((info.st_mode & S_IXOTH) == 0)
     cerr << "Certificate database " << cert_db_path << " should be searchable by others" << "."  << endl;
+#endif // these checks are probably overkill
 
   // Now check the permissions of the critical files.
   rc &= check_db_file_permissions (cert_db_path + "/cert8.db", euid, pw);
diff --git a/runtime/staprun/staprun_funcs.c b/runtime/staprun/staprun_funcs.c
index 4e6b9189a..4df1992c0 100644
--- a/runtime/staprun/staprun_funcs.c
+++ b/runtime/staprun/staprun_funcs.c
@@ -533,5 +533,6 @@ void assert_uprobes_module_permissions(
 		err("run '" BINDIR "/stap-authorize-signing-cert %s' as root\n",
 		    SYSCONFDIR "/systemtap/ssl/server/stap.cert");
 	}
+	exit(-1);
 #endif
 }
-- 
2.43.5