[apparmor] [PATCH] various aa-notify fixes

Jamie Strandboge jamie at canonical.com
Wed Aug 17 12:44:33 UTC 2011


On Tue, 2011-08-16 at 16:29 -0700, John Johansen wrote:
> > diff:
> > === modified file 'utils/aa-notify'
> > --- utils/aa-notify	2010-11-04 00:03:52 +0000
> > +++ utils/aa-notify	2011-08-16 21:57:02 +0000
> > @@ -122,7 +122,8 @@
> >  if ($< == 0) {
> >      $login = "root";
> >      if (defined($ENV{SUDO_UID}) and defined($ENV{SUDO_GID})) {
> > -        POSIX::setgid($ENV{SUDO_GID}) or _error("Could not change gid");
> > +        $) = "$ENV{SUDO_GID} $ENV{SUDO_GID}" or _error("Could not change egid");
> > +        $( = $ENV{SUDO_GID} or _error("Could not change gid");
> >          $> = $ENV{SUDO_UID} or _error("Could not change euid");
> >          defined($ENV{SUDO_USER}) and $login = $ENV{SUDO_USER};
> >      } else {
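Review bot: On the two new lines `$) = "$ENV{SUDO_GID} $ENV{SUDO_GID}" or _error(...)` and `$( = $ENV{SUDO_GID} or _error(...)`, the `or` tests the truth of the assignment expression, which does not reliably reflect whether the group change succeeded. The group-list string these variables hold is true whenever it contains a space, even if it starts with gid 0. perlvar states that changes to `$(` and `$)` require a check of `$!` after the attempted change, so clear `$!` before each assignment and call `_error` if it is set afterwards, or read the variable back and compare it with the requested gid. Separately, `SUDO_GID` is interpolated straight from the environment; a numeric check such as `/^\d+$/` before use would keep a malformed value out of the `$)` string.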
> > @@ -131,7 +132,9 @@
> >              $drop_to = $opt_u;
> >          }
> >          # nobody/nogroup
> > -        POSIX::setgid(scalar(getgrnam($nobody_group))) or _error("Could not change gid to '$nobody_group'");
> > +        my $nam = scalar(getgrnam($nobody_group));
> > +        $) = "$nam $nam" or _error("Could not change egid");
> > +        $( = $nam or _error("Could not change gid");
> >          $> = scalar(getpwnam($drop_to)) or _error("Could not change euid to '$drop_to'");
> >      }
> >  } else {
> > 
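Review bot: `my $nam = scalar(getgrnam($nobody_group));` is used without a `defined($nam)` check. If the group does not exist, `"$nam $nam"` interpolates to a whitespace-only string, which is still true, so the `or _error(...)` on the `$)` line does not fire and the gid requested is not the intended one. Suggest `defined($nam) or _error("Could not find group '$nobody_group'");` before the assignments. The new messages also drop the `'$nobody_group'` detail that the removed `POSIX::setgid` line reported, and `$nam` holds a gid rather than a name, so something like `$gid` would read better.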
> Thank you for reminding me why I HATE perl
> 
> you need to check $! after the assignment of $( and $) for errors

I do. In each of these I do 'or _error(...)...' which will bail out of
the script and return '1'. Is this not enough?