From 2ccdbd73c72b6d7d3f5ebe39b8216211a93b9d68 Mon Sep 17 00:00:00 2001
From: "Frank Ch. Eigler" <fche@redhat.com>
Date: Mon, 17 Jan 2011 07:22:36 -0500
Subject: [PATCH] upstream release 1.4

---
 .gitignore              |   1 +
 rhbz653606,653604.patch | 115 ----------------------------------------
 sources                 |   2 +-
 3 files changed, 2 insertions(+), 116 deletions(-)
 delete mode 100644 rhbz653606,653604.patch

diff --git a/.gitignore b/.gitignore
index 43a6c77..2f4b68c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 systemtap-1.3.tar.gz
+/systemtap-1.4.tar.gz
diff --git a/rhbz653606,653604.patch b/rhbz653606,653604.patch
deleted file mode 100644
index dbd9690..0000000
--- a/rhbz653606,653604.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-diff --git a/runtime/staprun/staprun.c b/runtime/staprun/staprun.c
-index d72e335..ca245e3 100644
---- a/runtime/staprun/staprun.c
-+++ b/runtime/staprun/staprun.c
-@@ -119,19 +119,7 @@ static int enable_uprobes(void)
- 	if (run_as(0, uid, gid, argv[0], argv) == 0)
- 		return 0;
- 
--	/*
--	 * TODO: If user can't setresuid to root here, staprun will exit.
--	 * Is there a situation where that would fail but the subsequent
--	 * attempt to insert_module() would succeed?
--	 */
--	dbug(2, "Inserting uprobes module from /lib/modules, if any.\n");
--	i = 0;
--	argv[i++] = "/sbin/modprobe";
--	argv[i++] = "-q";
--	argv[i++] = "uprobes";
--	argv[i] = NULL;
--	if (run_as(0, 0, 0, argv[0], argv) == 0)
--		return 0;
-+        /* NB: don't use /sbin/modprobe, without more env. sanitation. */
- 
- 	/* This module may be signed, so use insert_module to load it.  */
- 	snprintf (runtimeko, sizeof(runtimeko), "%s/uprobes/uprobes.ko",
-@@ -190,9 +178,16 @@ static int remove_module(const char *name, int verb)
- 		return 0;
- 	}
- 
--        /* We could call init_ctl_channel / close_ctl_channel here, as a heuristic
--           to determine whether the module is being used by some other stapio process.
--           However, delete_module() does basically the same thing. */
-+        /* We call init_ctl_channel/close_ctl_channel to check whether
-+           the module is a systemtap-built one (having the right files),
-+           and that it's already unattached (because otherwise it'd EBUSY
-+           the opens. */
-+        ret = init_ctl_channel (name, 0);
-+        if (ret < 0) {
-+                err("Error, '%s' is not a zombie systemtap module.\n", name);
-+                return ret;
-+        }
-+        close_ctl_channel ();
- 
- 	dbug(2, "removing module %s\n", name);
- 	STAP_PROBE1(staprun, remove__module, name);
-@@ -227,7 +222,7 @@ int init_staprun(void)
-                      without first removing the kernel module.  This would block
-                      a subsequent rerun attempt.  So here we gingerly try to
-                      unload it first. */
--		  int ret = delete_module (modname, O_NONBLOCK);
-+                  int ret = remove_module (modname, 0);
- 		  err("Retrying, after attempted removal of module %s (rc %d)\n", modname, ret);
- 		  /* Then we try an insert a second time.  */
- 		  if (insert_stap_module() < 0)
-diff --git a/README.security b/README.security
-index 124ad8d..998bf3d 100644
---- a/README.security
-+++ b/README.security
-@@ -15,7 +15,7 @@ following:
- 
-  * the root user;
- 
-- * a member of the 'stapdev' group; or
-+ * a member of both 'stapdev' and 'stapusr' groups; or
- 
-  * a member of the 'stapusr' group.  Members of the stapusr group can
-    only use modules located in the /lib/modules/VERSION/systemtap
-@@ -23,8 +23,8 @@ following:
-    directory must be owned by root and not be world writable.
- 
- So, there are two classes of users: systemtap developers (the root user
--and members of the stapdev group) and systemtap users (members of the
--stapusr group).  Systemtap developers can compile and run any
-+and members of the stapdev/stapusr groups) and systemtap users (members of
-+only the stapusr group).  Systemtap developers can compile and run any
- systemtap script.  Systemtap users can only run "approved"
- pre-compiled modules located in /lib/modules/VERSION/systemtap.
- 
-diff --git a/staprun.8 b/staprun.8
-index f4a5a08..7523031 100644
---- a/staprun.8
-+++ b/staprun.8
-@@ -205,14 +205,14 @@ structures and potentially private user information.  See the
- .IR stap (1)
- manual page for additional information on safety and security.
- .PP
--To increase system security, only the root user and members of the
--.I stapdev
--group can use
-+To increase system security, only the root user and members of both
-+.I stapdev " and " staprun
-+groups can use
- .I staprun
- to insert systemtap modules (or attach to existing ones).
- Members of the
- .I stapusr
--group can use
-+group only can use
- .I staprun
- to insert or remove systemtap modules (or attach to existing systemtap modules)
- under the following conditions:
-diff --git a/runtime/staprun/ctl.c b/runtime/staprun/ctl.c
-index 335006e..8baf0db 100644
---- a/runtime/staprun/ctl.c
-+++ b/runtime/staprun/ctl.c
-@@ -27,6 +27,9 @@ int init_ctl_channel(const char *name, int verb)
- 			return -2;
- 	}
- 
-+	if (access(buf, R_OK|W_OK) != 0)
-+		return -5;
-+
- 	control_channel = open(buf, O_RDWR);
- 	dbug(2, "Opened %s (%d)\n", buf, control_channel);
- 	if (control_channel < 0) {
diff --git a/sources b/sources
index 3afe7ee..41a71db 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-044a0d225de53498fb62d25724af3fd7  systemtap-1.3.tar.gz
+c5c9c2087c2aa0459b90e690a5ca95d0  systemtap-1.4.tar.gz