On 02/07/2013 02:37 PM, Laine Stump wrote:
> setregid() and setreuid() already interpret -1 as a NOP, so this is
> just an optimization for those, but we are also calling getpwuid_r and
> initgroups, and it's unclear what the former would do with a uid of
> -1.
> ---
> src/util/virutil.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/src/util/virutil.c b/src/util/virutil.c
> index 24ba954..fddc39e 100644
> --- a/src/util/virutil.c
> +++ b/src/util/virutil.c
> @@ -2687,7 +2687,7 @@ virSetUIDGID(uid_t uid, gid_t gid)
> int err;
> char *buf = NULL;
>
> - if (gid > 0) {
> + if (gid != -1 && gid > 0) {

gid_t might be an unsigned type, or it might be a signed type. Really,
the only time we should not attempt setregid is if it was -1; or if we
are optimizing for gid==0; but we can't really use gid > 0 as a valid
test. Also, the width of gid_t is not mandated by POSIX, so the only
portable way to compare to -1 is with a cast. I think you want:

    if (gid && gid != (gid_t)-1) {

> @@ -2696,7 +2696,7 @@ virSetUIDGID(uid_t uid, gid_t gid)
> }
> }
>
> - if (uid > 0) {
> + if (uid != -1 && uid > 0) {

Likewise, you want:

    if (uid && uid != (uid_t)-1) {

I'm not clear on whether avoiding these functions for uid/gid==0 makes
sense, or if you instead want:

    if (uid != (uid_t)-1) {

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
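
Review bot: In the gid hunk at @@ -2687, the added "gid != -1" compares a gid_t against a plain int, so the outcome depends on the platform's integer conversions. If gid_t is an unsigned type narrower than int, gid is promoted to int and can never equal -1, and the retained "gid > 0" is then true for the sentinel, so the guarded block still runs. Compare against (gid_t)-1, and either drop "gid > 0" or spell it as "gid != 0" if skipping gid 0 is intended.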
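
Review bot: In the uid hunk at @@ -2696, nothing in the code records what the guard is for: the commit message names getpwuid_r and initgroups as the reason, but the condition "uid != -1 && uid > 0" carries no comment saying that -1 means "leave unchanged" or that uid 0 is also skipped by the retained "uid > 0". Add a short comment at the guard, or on virSetUIDGID, stating both, and write the sentinel as (uid_t)-1 so the test does not depend on the width or signedness of uid_t.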
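
The portability point in the reply above, as an added example that is not code from this thread or from libvirt: the patch's guard and the cast-based guard are evaluated for the sentinel -1 under three possible id types. The typedefs and function names are hypothetical stand-ins for gid_t/uid_t, and a 32-bit int is assumed.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for what a platform might choose as gid_t/uid_t. */
typedef uint16_t id_u16;  /* unsigned, narrower than int */
typedef uint32_t id_u32;  /* unsigned, as wide as int (32-bit int assumed) */
typedef int32_t  id_s32;  /* signed */

/* Guard as written in the patch: sentinel compared as plain int -1. */
#define PATCH_GUARD(T) \
    int patch_guard_##T(T id) { return id != -1 && id > 0; }

/* Guard as suggested in the reply: sentinel cast to the id type. */
#define CAST_GUARD(T) \
    int cast_guard_##T(T id) { return id && id != (T)-1; }

PATCH_GUARD(id_u16)
PATCH_GUARD(id_u32)
PATCH_GUARD(id_s32)
CAST_GUARD(id_u16)
CAST_GUARD(id_u32)
CAST_GUARD(id_s32)

int main(void)
{
    /* A result of 1 means the guarded block (the set*id call) would run. */
    printf("%-6s %-10s %-10s\n", "type", "patch(-1)", "cast(-1)");

    /* u16: id promotes to int 65535, which is != -1 and > 0, so the
     * sentinel slips through the patch's guard. */
    printf("%-6s %-10d %-10d\n", "u16",
           patch_guard_id_u16((id_u16)-1), cast_guard_id_u16((id_u16)-1));

    /* u32: -1 converts to 0xFFFFFFFF in the comparison, so it matches. */
    printf("%-6s %-10d %-10d\n", "u32",
           patch_guard_id_u32((id_u32)-1), cast_guard_id_u32((id_u32)-1));

    /* s32: plain signed comparison, both guards reject the sentinel. */
    printf("%-6s %-10d %-10d\n", "s32",
           patch_guard_id_s32((id_s32)-1), cast_guard_id_s32((id_s32)-1));

    /* An ordinary id passes both guards; id 0 is skipped by both. */
    printf("id 1000: patch=%d cast=%d, id 0: patch=%d cast=%d\n",
           patch_guard_id_u32(1000), cast_guard_id_u32(1000),
           patch_guard_id_u32(0), cast_guard_id_u32(0));
    return 0;
}
```

Only the narrow unsigned case differs between the two guards, which is why the uncast comparison can pass testing on one platform and fail on another.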