On 24 April 2017 at 13:24, Petr Vorel <petr.vorel@xxxxxxxxx> wrote: >> Hopefully these changes are unreachable code, but better safe than sorry >> when dealing with setuid root code that is installed everywhere. Quite >> obviously the introduced abort() calls protect from impossible inputs. > >> Secondly set all possible data to be read-only in attempt to make it more >> difficult to alter anything at all. > >> Reference: https://www.securecoding.cert.org/confluence/display/c/DCL00-C.+Const-qualify+immutable+objects >> Signed-off-by: Sami Kerola <kerolasa@xxxxxx> >> --- >> login-utils/su-common.c | 53 +++++++++++++++++++++++------------------- >> login-utils/sulogin-consoles.c | 20 ++++++++-------- >> login-utils/sulogin.c | 39 ++++++++++++------------------- >> 3 files changed, 54 insertions(+), 58 deletions(-) > >> diff --git a/login-utils/su-common.c b/login-utils/su-common.c >> index 41f2b1cea..08f327c50 100644 >> --- a/login-utils/su-common.c >> +++ b/login-utils/su-common.c > <snip> >> - int retval; >> + const int retval = pam_open_session (pamh, 0);; > ^ > double semicolon. Thank you Petr, fixed and attributed. https://github.com/kerolasa/lelux-utiliteetit/commit/c12bebe9cfe3396b9af7110e80b07103514dfe91 p.s. Karel the ioctl() &mode is fixed as well. -- Sami Kerola http://www.iki.fi/kerolasa/ -- To unsubscribe from this list: send the line "unsubscribe util-linux" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
