2917 DTrace in a zone should have limited provider access
*** 1298,1320 ****
if (pops->dtps_mode != NULL) {
mode = pops->dtps_mode(prov->dtpv_arg,
probe->dtpr_id, probe->dtpr_arg);
! ASSERT((mode & DTRACE_MODE_USER) ||
! (mode & DTRACE_MODE_KERNEL));
! ASSERT((mode & DTRACE_MODE_NOPRIV_RESTRICT) ||
! (mode & DTRACE_MODE_NOPRIV_DROP));
}
/*
* If the dte_cond bits indicate that this consumer is only allowed to
! * see user-mode firings of this probe, call the provider's dtps_mode()
! * entry point to check that the probe was fired while in a user
! * context. If that's not the case, use the policy specified by the
! * provider to determine if we drop the probe or merely restrict
! * operation.
*/
if (ecb->dte_cond & DTRACE_COND_USERMODE) {
ASSERT(mode != DTRACE_MODE_NOPRIV_DROP);
if (!(mode & DTRACE_MODE_USER)) {
--- 1298,1318 ----
if (pops->dtps_mode != NULL) {
mode = pops->dtps_mode(prov->dtpv_arg,
probe->dtpr_id, probe->dtpr_arg);
! ASSERT(mode & (DTRACE_MODE_USER | DTRACE_MODE_KERNEL));
! ASSERT(mode & (DTRACE_MODE_NOPRIV_RESTRICT |
! DTRACE_MODE_NOPRIV_DROP));
}
/*
* If the dte_cond bits indicate that this consumer is only allowed to
! * see user-mode firings of this probe, check that the probe was fired
! * while in a user context. If that's not the case, use the policy
! * specified by the provider to determine if we drop the probe or
! * merely restrict operation.
*/
if (ecb->dte_cond & DTRACE_COND_USERMODE) {
ASSERT(mode != DTRACE_MODE_NOPRIV_DROP);
if (!(mode & DTRACE_MODE_USER)) {
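Review bot: The two rewritten assertions on the new side accept a mode with both bits of a pair set (for example `DTRACE_MODE_NOPRIV_RESTRICT` together with `DTRACE_MODE_NOPRIV_DROP`), and nothing here documents which combinations a provider may return now that a later hunk also tests `DTRACE_MODE_LIMITEDPRIV_RESTRICT`. This value decides whether an under-privileged consumer's probe is dropped or only restricted, so the contract belongs next to the check. Assuming the new bit is optional, I would add above the first ASSERT: `/* dtps_mode() must return one of USER/KERNEL and one of NOPRIV_RESTRICT/NOPRIV_DROP; LIMITEDPRIV_RESTRICT is optional. */`. If ASSERT is compiled out of non-debug kernels, a malformed mode is not caught in production, so it is worth confirming that the code after this hunk fails closed for such a value. The enclosing function starts and ends outside the hunk.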
*** 1377,1386 ****
--- 1375,1393 ----
mstate->dtms_access &=
~(DTRACE_ACCESS_PROC | DTRACE_ACCESS_ARGS);
}
}
+ /*
+ * By merits of being in this code path at all, we have limited
+ * privileges. If the provider has indicated that limited privileges
+ * are to denote restricted operation, strip off the ability to access
+ * arguments.
+ */
+ if (mode & DTRACE_MODE_LIMITEDPRIV_RESTRICT)
+ mstate->dtms_access &= ~DTRACE_ACCESS_ARGS;
+
return (1);
}
/*
* Note: not called from probe context. This function is called
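Review bot: The added block clears only `DTRACE_ACCESS_ARGS`, while the restricted path just above it clears `DTRACE_ACCESS_PROC | DTRACE_ACCESS_ARGS`, and the new comment does not say why process access is kept for a limited-privilege consumer. The restriction is also opt-in per provider: it applies only when the mode carries `DTRACE_MODE_LIMITEDPRIV_RESTRICT`, so a provider that never sets the bit leaves probe arguments readable on this path. That looks intentional but is not stated. I would extend the comment with `* Only DTRACE_ACCESS_ARGS is cleared here; DTRACE_ACCESS_PROC is untouched.` and `* This is opt-in per provider: without the bit, argument access is unchanged.` The statement that this code path implies limited privileges rests on a condition established earlier in the function, outside this hunk.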