On Wed, Sep 09, 2015 at 12:06:56AM -0700, Andy Zhou wrote: > On Tue, Sep 8, 2015 at 5:29 PM, Ben Pfaff <[email protected]> wrote: > > On Thu, Sep 03, 2015 at 04:33:42PM -0700, Andy Zhou wrote: > >> Allow daemon running as root to accept --user option, that accepts > >> "user:group" string as input. Performs sanity check on the input, > >> and store the converted uid and gid. > >> > >> daemon_become_new_user() needs to be called to make the actual > >> switch. > >> > >> Signed-off-by: Andy Zhou <[email protected]> > > > I think that the parsing in daemon_set_new_user() assumes that white > > space, if present, will precede ':'. If not, then 'len' will end up > > negative, which looks bad to me. I think I'd just not bother worrying > > about white space in the parameter. > > > Sure, I can drop the check. Why would len end up being negative? If > pos is set, meaning : is part of the string, then strspn should not > look beyond pos, right?
Oops, you're right, sorry. > > I am not sure that it is valuable to check that the user belongs to the > > specified group. I don't think that other software tends to perform > > such a check; I don't see one in Apache, for example. > > > I got that idea from the "daemon" program. Would it otherwise be a > security risk of creating an illegal combination of user/group? I didn't know there was precedent for such a check; I hadn't ever seen one before. Leave it in, then, and we can reconsider if it happens to cause trouble for someone. _______________________________________________ dev mailing list [email protected] http://openvswitch.org/mailman/listinfo/dev
