[apparmor] [PATCH] various aa-notify fixes
John Johansen
john.johansen at canonical.com
Wed Aug 17 18:27:39 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/17/2011 06:12 AM, John Johansen wrote:
> On 08/17/2011 05:44 AM, Jamie Strandboge wrote:
>> On Tue, 2011-08-16 at 16:29 -0700, John Johansen wrote:
>>>> diff:
>>>> === modified file 'utils/aa-notify'
>>>> --- utils/aa-notify 2010-11-04 00:03:52 +0000
>>>> +++ utils/aa-notify 2011-08-16 21:57:02 +0000
>>>> @@ -122,7 +122,8 @@
>>>> if ($< == 0) {
>>>> $login = "root";
>>>> if (defined($ENV{SUDO_UID}) and defined($ENV{SUDO_GID})) {
>>>> - POSIX::setgid($ENV{SUDO_GID}) or _error("Could not change gid");
>>>> + $) = "$ENV{SUDO_GID} $ENV{SUDO_GID}" or _error("Could not change egid");
>>>> + $( = $ENV{SUDO_GID} or _error("Could not change gid");
>>>> $> = $ENV{SUDO_UID} or _error("Could not change euid");
>>>> defined($ENV{SUDO_USER}) and $login = $ENV{SUDO_USER};
>>>> } else {
>>>> @@ -131,7 +132,9 @@
>>>> $drop_to = $opt_u;
>>>> }
>>>> # nobody/nogroup
>>>> - POSIX::setgid(scalar(getgrnam($nobody_group))) or _error("Could not change gid to '$nobody_group'");
>>>> + my $nam = scalar(getgrnam($nobody_group));
>>>> + $) = "$nam $nam" or _error("Could not change egid");
>>>> + $( = $nam or _error("Could not change gid");
>>>> $> = scalar(getpwnam($drop_to)) or _error("Could not change euid to '$drop_to'");
>>>> }
>>>> } else {
>>>>
>>> Thankyou for reminding me why I HATE perl
>>>
>>> you need to check $! after the assignment of $( and $) for errors
>
>> I do. In each of these I do 'or _error(...)...' which will bail out of
>> the script and return '1'. Is this not enough?
>
> sigh, yes you are and it is just ignore me
>
oh and also
Acked-by: John Johansen <john.johansen at canonical.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk5MCBsACgkQxAVxIsEKI+bMjQCfVocoXBvFRO+Bxk/CsMyeKaSd
UHMAn3XtY8N1k6QHNcQJK3msFhW6Ki3X
=LyKQ
-----END PGP SIGNATURE-----
More information about the AppArmor
mailing list