Danek Duvall wrote:
> On Wed, Nov 12, 2008 at 05:01:04PM -0800, Brock Pytlik wrote:
>
>> Line 59-60, 69-70: I'd rather see us not use this construction to assign
>> values. If I hadn't heard Danek mentioning this in the hall the other
>> day, I'd assume that user was set to a boolean value. IMO, it's a time
>> where being more verbose would make the code more accessible and
>> maintainable, but maybe I'm the only one.
>
> Perhaps a comment would suffice? Or maybe something of the form
>
> os.getenv("USER", os.getenv("LOGNAME", os.getenv("USERNAME")))
>
> ?
>
> Regardless, there *definitely* needs to be a comment explaining why we
> trust environment variables more than we trust kernel-provided code. It's
> unfortunate that The Primary Administrator profile is given uid=0 rather
> than euid=0, but since it's the big hammer, I guess it has to be big
> enough. Perhaps we should be using getauid() on Solaris?
Calling getauid() requires the proc_audit privilege.
--
Darren J Moffat
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
