util: portably check for unchanged uid
authorEric Blake <eblake@redhat.com>
Thu, 14 Mar 2013 22:28:29 +0000 (16:28 -0600)
committerEric Blake <eblake@redhat.com>
Fri, 15 Mar 2013 16:55:51 +0000 (10:55 -0600)
We've already scrubbed for comparisons of 'uid_t == -1' (which fail
on platforms where uid_t is a u16), but another one snuck in.

* src/util/virutil.c (virSetUIDGIDWithCaps): Correct uid comparison.
* cfg.mk (sc_prohibit_risky_id_promotion): New rule.

cfg.mk
src/util/virutil.c

diff --git a/cfg.mk b/cfg.mk
index b95a90b1ec5be8163935ad6a9088d0cdf446bd97..394521e476aa074b35850d65771910562e2a1118 100644 (file)
--- a/cfg.mk
+++ b/cfg.mk
@@ -389,6 +389,12 @@ sc_prohibit_setuid:
        halt='use virSetUIDGID, not raw set*id'                         \
          $(_sc_search_regexp)
 
+# Don't compare *id_t against raw -1.
+sc_prohibit_risky_id_promotion:
+       @prohibit='\b(user|group|[ug]id) *[=!]= *-'                     \
+       halt='cast -1 to ([ug]id_t) before comparing against id'        \
+         $(_sc_search_regexp)
+
 # Use snprintf rather than s'printf, even if buffer is provably large enough,
 # since gnulib has more guarantees for snprintf portability
 sc_prohibit_sprintf:
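Review bot: The pattern in `sc_prohibit_risky_id_promotion` only matches when the left operand is an identifier that begins at a word boundary with `user`, `group`, `uid` or `gid`, so names such as `euid` or `owner_gid`, and comparisons written with the constant first, pass the check unnoticed. The rule guards an id comparison that feeds a privilege decision, so either widen it, for example `@prohibit='\b\w*(user|group|[ug]id) *[=!]= *-'`, or state the gap in the comment: `# Only catches operands named user/group/uid/gid on the left-hand side.` The wider pattern may flag existing code, so it needs a syntax-check run over the tree before it is adopted.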
index a0d15302dcdd715e1ecf05c62e55583ad8280d63..42b42954e39b71b9b8b37465f9dd160011ba3151 100644 (file)
@@ -3011,7 +3011,7 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gid, unsigned long long capBits,
      * change the capabilities bounding set.
      */
 
-    if (clearExistingCaps || (uid != -1 && uid != 0))
+    if (clearExistingCaps || (uid != (uid_t)-1 && uid != 0))
        capng_clear(CAPNG_SELECT_BOTH);
 
     for (ii = 0; ii <= CAP_LAST_CAP; ii++) {
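Review bot: The `(uid_t)-1` sentinel in the new condition is not explained at its point of use, which makes it easy for a later edit to drop the cast again. Going by the commit title it means "leave the uid unchanged"; without the cast, on a platform with a 16-bit uid_t, `uid != -1` is always true, so `capng_clear(CAPNG_SELECT_BOTH)` would run even when the caller asked for no uid change. I would add `/* (uid_t)-1 means "do not change uid"; keep the cast, uid_t may be narrower than int */` directly above the `if`. virSetUIDGIDWithCaps starts and ends outside this hunk, so the rest of its uid/gid handling is not visible here.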