From 5e8a3b7b558273fa06525f642fdf2d678dde85eb Mon Sep 17 00:00:00 2001
From: Dave Brolley
Date: Thu, 3 Sep 2009 16:13:30 -0400
Subject: [PATCH] Allow process begin/end probes for unprivileged users.
2009-09-03 Dave Brolley
* tapsets.cxx (visit_cast_op): Don't disallow unprivileged users. Annotate synthesized function with /* unprivileged */.
* tapset-utrace.cxx (register_tapset_utrace): Call allow_unprivileged for process begin and end probes.
* translate.cxx (translate_pass): Generate '#define STP_PRIVILEGED 1' unless --unprivileged was specified.
* runtime/transport/transport.c: Don't define _stp_unprivileged_user.
* runtime/task_finder.c (__stp_utrace_attach_match_filename): Check that _stp_uid equals the task euid when STP_PRIVILEGED is not defined.
(stap_start_task_finder): Likewise.
* runtime/staprun/staprun.c (insert_stap_module): Don't generate module option _stp_unprivileged_user.
---
 runtime/staprun/staprun.c | 10 +---------
 runtime/task_finder.c | 23 +++++++++++++++++++++++
 runtime/transport/transport.c | 4 ----
 tapset-utrace.cxx | 20 ++++++++++++++------
 tapsets.cxx | 5 ++---
 translate.cxx | 2 ++
 6 files changed, 42 insertions(+), 22 deletions(-)
diff --git a/runtime/staprun/staprun.c b/runtime/staprun/staprun.c
index 7eb7f28fe..da3e304b0 100644
--- a/runtime/staprun/staprun.c
+++ b/runtime/staprun/staprun.c
@@ -145,19 +145,11 @@ static int enable_uprobes(void)
 static int insert_stap_module(void)
 {
 char special_options[128];
- char *bufptr = special_options;
 /* Add the _stp_bufsize option. */
- if (snprintf_chk(bufptr, sizeof (special_options), "_stp_bufsize=%d", buffer_size))
+ if (snprintf_chk(special_options, sizeof (special_options), "_stp_bufsize=%d", buffer_size))
 return -1;
- /* Add the _stp_unprivileged_user option. */
- bufptr += strlen (bufptr);
- if (snprintf_chk(bufptr,
- sizeof (special_options) - (bufptr - special_options),
- " _stp_unprivileged_user=%d", unprivileged_user))
- return -1;
-
 return insert_module(modpath, special_options, modoptions);
 }
diff --git a/runtime/task_finder.c b/runtime/task_finder.c
index ca807020a..fb6dc20dc 100644
--- a/runtime/task_finder.c
+++ b/runtime/task_finder.c
@@ -753,6 +753,18 @@ __stp_utrace_attach_match_filename(struct task_struct *tsk,
 /* Notice that "pid == 0" (which means to probe all
 * threads) falls through. */
+#ifndef STP_PRIVILEGED
+ /* Make sure unprivileged users only probe their own threads. */
+ if (_stp_uid != tsk->euid) {
+ if (tgt->pid != 0) {
+ _stp_warn("Process %d does not belong to unprivileged user %d",
+ tsk->pid, _stp_uid);
+ }
+ continue;
+ }
+#endif
+
+
 // Set up events we need for attached tasks. When
 // register_p is set, we won't actually call the
 // callbacks here - we'll call it when the thread gets
@@ -1414,6 +1426,17 @@ stap_start_task_finder(void)
 /* Notice that "pid == 0" (which means to
 * probe all threads) falls through. */
+#ifndef STP_PRIVILEGED
+ /* Make sure unprivileged users only probe their own threads. */
+ if (_stp_uid != tsk->euid) {
+ if (tgt->pid != 0) {
+ _stp_warn("Process %d does not belong to unprivileged user %d",
+ tsk->pid, _stp_uid);
+ }
+ continue;
+ }
+#endif
+
 // Set up events we need for attached tasks.
 rc = __stp_utrace_attach(tsk, &tgt->ops, tgt,
 __STP_ATTACHED_TASK_EVENTS,
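Review bot: The ownership test added in __stp_utrace_attach_match_filename compares `_stp_uid` only with `tsk->euid`, so a task whose effective uid matches the user while its real or saved uid differs is still treated as the user's own. The kernel's ptrace access check requires the caller's uid to match the target's real, effective and saved uids; mirroring that here would be `if (_stp_uid != tsk->euid || _stp_uid != tsk->uid || _stp_uid != tsk->suid) {`. The identical block added in stap_start_task_finder has the same gap, and the two copies would be easier to keep in step as one static helper. Reading `tsk->euid` directly presumably only builds on kernels that keep credentials in task_struct rather than behind `tsk->cred`, which is worth confirming against the supported kernel range. Both functions begin and end outside these hunks.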
diff --git a/runtime/transport/transport.c b/runtime/transport/transport.c
index ec73f05fe..1d029e537 100644
--- a/runtime/transport/transport.c
+++ b/runtime/transport/transport.c
@@ -59,10 +59,6 @@ static int _stp_bufsize;
 module_param(_stp_bufsize, int, 0);
 MODULE_PARM_DESC(_stp_bufsize, "buffer size");
-static int _stp_unprivileged_user;
-module_param(_stp_unprivileged_user, int, 1);
-MODULE_PARM_DESC(_stp_unprivileged_user, "user is unprivileged");
-
 /* forward declarations */
 static void probe_exit(void);
 static int probe_start(void);
diff --git a/tapset-utrace.cxx b/tapset-utrace.cxx
index 6872c87c0..d9d95f823 100644
--- a/tapset-utrace.cxx
+++ b/tapset-utrace.cxx
@@ -1033,12 +1033,20 @@ register_tapset_utrace(systemtap_session& s)
 for (unsigned i = 0; i < roots.size(); ++i)
 {
- roots[i]->bind(TOK_BEGIN)->bind(builder);
- roots[i]->bind(TOK_END)->bind(builder);
- roots[i]->bind(TOK_THREAD)->bind(TOK_BEGIN)->bind(builder);
- roots[i]->bind(TOK_THREAD)->bind(TOK_END)->bind(builder);
- roots[i]->bind(TOK_SYSCALL)->bind(builder);
- roots[i]->bind(TOK_SYSCALL)->bind(TOK_RETURN)->bind(builder);
+ roots[i]->bind(TOK_BEGIN)
+ ->allow_unprivileged()
+ ->bind(builder);
+ roots[i]->bind(TOK_END)
+ ->allow_unprivileged()
+ ->bind(builder);
+ roots[i]->bind(TOK_THREAD)->bind(TOK_BEGIN)
+ ->bind(builder);
+ roots[i]->bind(TOK_THREAD)->bind(TOK_END)
+ ->bind(builder);
+ roots[i]->bind(TOK_SYSCALL)
+ ->bind(builder);
+ roots[i]->bind(TOK_SYSCALL)->bind(TOK_RETURN)
+ ->bind(builder);
 }
 }
diff --git a/tapsets.cxx b/tapsets.cxx
index fccb73c88..6a52050c1 100644
--- a/tapsets.cxx
+++ b/tapsets.cxx
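Review bot: The two `->allow_unprivileged()` calls in the tapset-utrace.cxx hunk carry no comment saying what makes process begin/end safe for unprivileged users, and the safety argument lives in another file: the task_finder.c change in this commit skips tasks whose euid differs from `_stp_uid` when STP_PRIVILEGED is undefined. A comment above the loop such as `// Only process begin/end are open to unprivileged users; the runtime task finder limits them to the user's own tasks.` would keep anyone extending the list aware that a matching runtime check is required. The thread and syscall bindings were only re-wrapped onto two lines, which makes the hunk look larger than its functional change. register_tapset_utrace starts outside the hunk.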
@@ -2510,9 +2510,6 @@ void dwarf_cast_expanding_visitor::filter_special_modules(string& module)
 void dwarf_cast_expanding_visitor::visit_cast_op (cast_op* e)
 {
- if (s.unprivileged)
- throw semantic_error("typecasting may not be used when --unprivileged is specified", e->tok);
-
 bool lvalue = is_active_lvalue(e);
 if (lvalue && !s.guru_mode)
 throw semantic_error("write to typecast value not permitted", e->tok);
@@ -2618,6 +2615,8 @@ void dwarf_cast_expanding_visitor::visit_cast_op (cast_op* e)
 else
 ec->code += "/* pure */";
+ ec->code += "/* unprivileged */";
+
 s.functions[fdecl->name] = fdecl;
 // Synthesize a functioncall.
diff --git a/translate.cxx b/translate.cxx
index 65acd2cab..c0f7b48bb 100644
--- a/translate.cxx
+++ b/translate.cxx
@@ -5210,6 +5210,8 @@ translate_pass (systemtap_session& s)
 if (ri.recursive) nesting += 10;
 // This is at the very top of the file.
+ if (! s.unprivileged)
+ s.op->newline() << "#define STP_PRIVILEGED 1";
 s.op->newline() << "#ifndef MAXNESTING";
 s.op->newline() << "#define MAXNESTING " << nesting;
 s.op->newline() << "#endif";
--
2.43.5
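Review bot: `ec->code += "/* unprivileged */";` is appended to every synthesized cast function, so the lvalue (write) form and casts through kernel-module types are tagged as unprivileged-safe along with plain reads. The earlier hunk in this function drops the blanket `s.unprivileged` rejection, which leaves this tag as the only statement about whether such a function may run for an unprivileged user. Writes appear to stay blocked only because they need guru mode (`lvalue && !s.guru_mode`), assuming guru mode cannot be combined with --unprivileged; if `lvalue` is still in scope at this point, `if (!lvalue) ec->code += "/* unprivileged */";` would not rely on that assumption. Whether the generated dereference is confined to memory the user is entitled to read is not visible here and should be confirmed before kernel-side casts get the tag. visit_cast_op continues on both sides of the hunk.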
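Review bot: The generated `#define STP_PRIVILEGED 1` in translate_pass is now the only thing that switches off the unprivileged-user checks in the runtime, and nothing beside it records that contract. A comment such as `// Runtime code applies unprivileged-user restrictions unless STP_PRIVILEGED is defined.` would document that the restricted behaviour is the default. Because this commit also removes the `_stp_unprivileged_user` module option from staprun, the loader no longer tells the module anything about the user's privilege; load-time enforcement therefore has to rest on staprun accepting only modules built with --unprivileged for such users, which is not visible in this patch. It is also worth confirming that user-supplied preprocessor definitions cannot set this macro in an --unprivileged build. translate_pass begins and ends outside the hunk.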