Add more comment warnings around security critical code.

Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: I1ca4a54d076a8f95850f329168c941806bc56b16

common/security.h

@@ -28,6 +28,8 @@
 #  error "include config.h for user id";
 #endif
 
+/*WARNING: PRIVILEGED CODE CHECKING START */
+
 inline int hasUID(const char *userId)
 {
     struct passwd *pw = getpwuid(getuid());
@@ -107,4 +109,6 @@ inline int hasAnyCapability()
 #endif
 }
 
+/*WARNING: PRIVILEGED CODE CHECKING END */
+
 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */

kit/ForKit.cpp

@@ -534,7 +534,7 @@ int forkit_main(int argc, char** argv)
     /*WARNING*/         checkCoolUser = false;
     /*WARNING*/ }
 
-    /*WARNING*/ if (!hasCorrectUID("coolforkit"))
+    /*WARNING*/ if (!hasCorrectUID(/* appName = */ "coolforkit"))
     /*WARNING*/ {
     /*WARNING*/     // don't allow if any capability is set (unless root; who runs this
     /*WARNING*/     // as root or runs this in a container and provides --disable-cool-user-checking knows what they

tools/mount.cpp

@@ -149,11 +149,13 @@ void usage(const char* program)
 
 int main(int argc, char** argv)
 {
-    if (!hasCorrectUID(/* appName = */"coolmount"))
+    /*WARNING: PRIVILEGED CODE CHECKING START */
-    {
+    /*WARNING*/ if (!hasCorrectUID(/* appName = */ "coolmount"))
-        fprintf(stderr, "Aborting.\n");
+    /*WARNING*/ {
-        return EX_SOFTWARE;
+    /*WARNING*/    fprintf(stderr, "Aborting.\n");
-    }
+    /*WARNING*/    return EX_SOFTWARE;
+    /*WARNING*/ }
+    /*WARNING: PRIVILEGED CODE CHECKING END */
 
     const char* program = argv[0];
     if (argc < 3)