From aedc343eba8b4f4789cdba8215efd4cfdc37a77a Mon Sep 17 00:00:00 2001
From: Nick Alcock <nick.alcock@oracle.com>
Date: Wed, 19 Jul 2017 15:44:05 +0100
Subject: [PATCH] ctf: do not allow dwarf2ctf to run as root

This is just insanely dangerous: with the addition of the CTF_DEBUGDIR
info it reads almost arbitrary DWARF.  elfutils is not root-rated and
frankly neither is dwarf2ctf, valgrind or no valgrind.  It's just too
complicated to risk that way.

Signed-off-by: Nick Alcock <nick.alcock@oracle.com>
Reviewed-by: Tomas Jedlicka <tomas.jedlicka@oracle.com>
Orabug: 25815362
---
 scripts/dwarf2ctf/dwarf2ctf.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/scripts/dwarf2ctf/dwarf2ctf.c b/scripts/dwarf2ctf/dwarf2ctf.c
index 639198c70363..6b993ad86b6f 100644
--- a/scripts/dwarf2ctf/dwarf2ctf.c
+++ b/scripts/dwarf2ctf/dwarf2ctf.c
@@ -834,6 +834,11 @@ int main(int argc, char *argv[])
 
 	trace = getenv("DWARF2CTF_TRACE");
 
+	if (getuid() == 0 || geteuid() == 0) {
+		fprintf(stderr, "dwarf2ctf: run as a regular user, not root.\n");
+		exit(1);
+	}
+
 	if ((argc != 4 && argc != 8) ||
 	    (argc == 4 && strcmp(argv[2], "-e") != 0)) {
 		fprintf(stderr, "Syntax: dwarf2ctf output-file srcdir "
-- 
2.50.1