Add more comment warnings around security critical code.
Signed-off-by: Michael Meeks <michael.meeks@collabora.com> Change-Id: I1ca4a54d076a8f95850f329168c941806bc56b16pull/8986/head
parent
9d67fe24d2
commit
72bbc375be
|
@ -28,6 +28,8 @@
|
|||
# error "include config.h for user id";
|
||||
#endif
|
||||
|
||||
/*WARNING: PRIVILEGED CODE CHECKING START */
|
||||
|
||||
inline int hasUID(const char *userId)
|
||||
{
|
||||
struct passwd *pw = getpwuid(getuid());
|
||||
|
@ -107,4 +109,6 @@ inline int hasAnyCapability()
|
|||
#endif
|
||||
}
|
||||
|
||||
/*WARNING: PRIVILEGED CODE CHECKING END */
|
||||
|
||||
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
|
||||
|
|
|
@ -534,7 +534,7 @@ int forkit_main(int argc, char** argv)
|
|||
/*WARNING*/ checkCoolUser = false;
|
||||
/*WARNING*/ }
|
||||
|
||||
/*WARNING*/ if (!hasCorrectUID("coolforkit"))
|
||||
/*WARNING*/ if (!hasCorrectUID(/* appName = */ "coolforkit"))
|
||||
/*WARNING*/ {
|
||||
/*WARNING*/ // don't allow if any capability is set (unless root; who runs this
|
||||
/*WARNING*/ // as root or runs this in a container and provides --disable-cool-user-checking knows what they
|
||||
|
|
|
@ -149,11 +149,13 @@ void usage(const char* program)
|
|||
|
||||
int main(int argc, char** argv)
|
||||
{
|
||||
if (!hasCorrectUID(/* appName = */"coolmount"))
|
||||
{
|
||||
fprintf(stderr, "Aborting.\n");
|
||||
return EX_SOFTWARE;
|
||||
}
|
||||
/*WARNING: PRIVILEGED CODE CHECKING START */
|
||||
/*WARNING*/ if (!hasCorrectUID(/* appName = */ "coolmount"))
|
||||
/*WARNING*/ {
|
||||
/*WARNING*/ fprintf(stderr, "Aborting.\n");
|
||||
/*WARNING*/ return EX_SOFTWARE;
|
||||
/*WARNING*/ }
|
||||
/*WARNING: PRIVILEGED CODE CHECKING END */
|
||||
|
||||
const char* program = argv[0];
|
||||
if (argc < 3)
|
||||
|
|
Loading…
Reference in New Issue