[DTrace-devel] -w destructive actions
Eugene Loh
eugene.loh at oracle.com
Fri Jul 24 14:37:28 PDT 2020
I'm curious how we should be supporting "dtrace -w" -- that is, how to
prevent users from performing destructive actions unless they are
explicitly allowed via the -w option.

If I understand correctly, DTv1 does stuff that is not directly
applicable to DTv2:

*) some static analysis (which we've gutted out)
*) an ioctl() (but now we have everything in user space)

I was thinking about one idea.

In dt_cg.c, we define dt_cg_actions[], an array that gives a function --
and optionally a dtrace_actkind_t -- for each DT_ACT_*. Only in a few
cases is the dtrace_actkind_t set. I assume that's because if that
"kind" is needed, it can usually be hardcoded into the function that's
called. But, hard to know since so few of these action functions are
implemented at this point.

One possibility is to define the dtrace_actkind_t, at least for
destructive actions. Then, in dt_cg() in

        idp = act->dn_expr->dn_ident;
        actdp = &_dt_cg_actions[DT_ACT_IDX(idp->di_id)];
        if (actdp->fun)
                actdp->fun(pcb, act->dn_expr, actdp->kind);

we can check DTRACEACT_ISDESTRUCTIVE(actdp->kind) in the case that
dtrace_getopt(g_dtp, "destructive", &opt) was not set. Note that
DTRACEACT_ISDESTRUCTIVE(0) is 0. So, if a non-destructive action has
kind==0, you're okay.

Dunno. I'm fishing for ideas. This idea might not be great, but it
should be easy and a substantial improvement over what we have now --
that is, nothing.
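
An added example, not part of the original message or the DTrace code base: a self-contained C model of the table-driven gate proposed above. The `m_` names, the table rows and the class values are assumptions made for illustration; the `system` row shows that a destructive action whose kind is left at 0 passes the check, so the gate is only as complete as the table.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified stand-ins for the action-class encoding (assumed values). */
#define M_PROC_DESTRUCTIVE   0x0200
#define M_KERNEL_DESTRUCTIVE 0x0500
#define M_CLASS(k)           ((k) & 0xff00)
#define M_ISDESTRUCTIVE(k)   (M_CLASS(k) == M_PROC_DESTRUCTIVE || \
                              M_CLASS(k) == M_KERNEL_DESTRUCTIVE)

typedef struct m_action {
    const char *name;
    unsigned kind;   /* 0 means "kind not recorded in the table" */
} m_action_t;

/* Hypothetical table modelled on dt_cg_actions[]; rows are constructed. */
static const m_action_t m_actions[] = {
    { "trace",  0 },
    { "printf", 0 },
    { "raise",  M_PROC_DESTRUCTIVE + 2 },
    { "panic",  M_KERNEL_DESTRUCTIVE + 2 },
    { "system", 0 },  /* destructive, but kind unset: the gate cannot see it */
};
#define M_NACTIONS (sizeof(m_actions) / sizeof(m_actions[0]))

/* Returns 0 if the action may be compiled, -1 if it must be rejected.
 * destructive_opt models whether the "destructive" option (-w) was set. */
int m_check_action(size_t idx, int destructive_opt)
{
    if (idx >= M_NACTIONS)
        return -1;                       /* unknown action: fail closed */
    if (!destructive_opt && M_ISDESTRUCTIVE(m_actions[idx].kind))
        return -1;                       /* destructive without -w */
    return 0;
}

int main(void)
{
    /* Print the decision for every table row, without and with -w. */
    for (int w = 0; w <= 1; w++)
        for (size_t i = 0; i < M_NACTIONS; i++)
            printf("-w=%d %-6s -> %s\n", w, m_actions[i].name,
                   m_check_action(i, w) == 0 ? "allowed" : "rejected");
    return 0;
}
```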