On 09/24/2018 11:57 AM, Ian Jackson wrote: > George Dunlap writes ("[PATCH v2 2/6] test/depriv: Add a tool to check > process-level depriv"): >> Add a tool to check whether the various process-level deprivileging >> operations have actually taken place on the process. > ... >> +# Example input: >> +# Uid: 1193 1193 1193 1193 >> +input=$(grep Uid /proc/$dmpid/status) > > Are you sure this grep does not need to be more specific ? What if a > new thing gets added, I don't know, > Sponglefleep-Uid-Blarking: yes 42
Yes, it probably should be more specific. >> +if [[ "$input" =~ >> ^Uid:[[:space:]]*([0-9]+)[[:space:]]*([0-9]+)[[:space:]]*([0-9]+)[[:space:]]*([0-9]+)$ >> ]] ; then > > I think I made most of my comments about this script in my other > review comments. > > But, specifically, here: if you are confident about the format of the > line in /proc/*/status, you could do > fields=($input) > for uid in ${fields[*]:1}; do > compare uid with expected I had something like that originally, but wasn't confident about it; when I ended up having to write the regexp for /proc/*/limits, I wrote one for here too to be a bit more safe. Linus considers almost any user-space reliance on kernel behavior as binding, so I suspect ($input) is probably safe enough if we want to remove at least one nasty Bash regexp. -George _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel