Hi, > Hopefully these changes are unreachable code, but better safe than sorry > when dealing with setuid root code that is installed everywhere. Quite > obviously the introduced abort() calls protect from impossible inputs. > Secondly set all possible data to be read-only in attempt to make it more > difficult to alter anything at all. > Reference: https://www.securecoding.cert.org/confluence/display/c/DCL00-C.+Const-qualify+immutable+objects > Signed-off-by: Sami Kerola <kerolasa@xxxxxx> > --- > login-utils/su-common.c | 53 +++++++++++++++++++++++------------------- > login-utils/sulogin-consoles.c | 20 ++++++++-------- > login-utils/sulogin.c | 39 ++++++++++++------------------- > 3 files changed, 54 insertions(+), 58 deletions(-) > diff --git a/login-utils/su-common.c b/login-utils/su-common.c > index 41f2b1cea..08f327c50 100644 > --- a/login-utils/su-common.c > +++ b/login-utils/su-common.c <snip> > - int retval; > + const int retval = pam_open_session (pamh, 0);; ^ double semicolon. Kind regards, Petr -- To unsubscribe from this list: send the line "unsubscribe util-linux" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
