Re: [SSSD] [PATCH] SELINUX: Check the return value of setuid and setgid

Pavel Reichl Wed, 28 Jan 2015 00:30:07 -0800


On 01/27/2015 08:35 PM, Jakub Hrozek wrote:

       */
      if (getuid() != 0) {
-        setuid(0);
+        errno = 0;

I don't think we need to null errno in this case

+        ret = setuid(0);
+        if (ret == -1) {
+            ret = errno;
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                  "setuid failed: %d, selinux_child might not work!\n", ret);
+        }
      }

if (getgid() != 0) {

-        setgid(0);
+        errno = 0;

same here

+        ret = setgid(0);
+        if (ret == -1) {
+            ret = errno;
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                  "setgid failed: %d, selinux_child might not work!\n", ret);
+        }
      }

Patch looks good to me. I have just a nitpick about nulling errno.


After applying the patch clang-analyser no longer reports the warnings.
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel

Re: [SSSD] [PATCH] SELINUX: Check the return value of setuid and setgid

Reply via email to