[Merge] lp:~jamesodhunt/upstart/remove-basic-user-sessions into lp:upstart

Steve Langasek steve.langasek at canonical.com
Tue Jan 29 07:52:19 UTC 2013


Review: Needs Fixing

Several places in the code, you're using this construction:

  if (control_get_origin_uid (message, &origin_uid) && origin_uid != uid) {
      // EPERM

So if the control_get_origin_uid() function fails, access is granted.  This seems like a bad idea, as it means anyone who can figure out a way to break the function can get access.  I think it's probably better to do:

  if (!control_get_origin_uid (message, &origin_uid) || origin_uid != uid) {
      // EPERM

Otherwise, this looks good to me.
-- 
https://code.launchpad.net/~jamesodhunt/upstart/remove-basic-user-sessions/+merge/144873
Your team Upstart Reviewers is subscribed to branch lp:upstart.
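
The two constructions quoted in the review above, side by side, as an added example that is not part of the original message or of Upstart's code. `struct message` and `get_origin_uid_stub()` are hypothetical stand-ins, assumed (as the review implies) to return true on success and false on failure.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical stand-in for the incoming message (not Upstart's type). */
struct message {
    bool  has_credentials;   /* false simulates a failed origin lookup */
    uid_t sender_uid;
};

/* Stand-in for control_get_origin_uid(); assumed to return true on success. */
static bool get_origin_uid_stub(const struct message *msg, uid_t *uid)
{
    if (msg == NULL || !msg->has_credentials)
        return false;
    *uid = msg->sender_uid;
    return true;
}

/* First construction: a failed lookup short-circuits the &&, so no EPERM. */
static bool allowed_fail_open(const struct message *msg, uid_t uid)
{
    uid_t origin_uid = (uid_t)-1;
    if (get_origin_uid_stub(msg, &origin_uid) && origin_uid != uid)
        return false;   /* EPERM */
    return true;
}

/* Suggested construction: a failed lookup is itself a reason for EPERM. */
static bool allowed_fail_closed(const struct message *msg, uid_t uid)
{
    uid_t origin_uid = (uid_t)-1;
    if (!get_origin_uid_stub(msg, &origin_uid) || origin_uid != uid)
        return false;   /* EPERM */
    return true;
}

int main(void)
{
    /* Constructed sample messages; the session owner is uid 1000. */
    const struct message cases[] = { {true, 1000}, {true, 1001}, {false, 0} };
    const char *names[] = { "owner", "other user", "lookup failed" };
    for (int i = 0; i < 3; i++)
        printf("%-14s fail-open=%d fail-closed=%d\n", names[i],
               allowed_fail_open(&cases[i], 1000),
               allowed_fail_closed(&cases[i], 1000));
    return 0;
}
```

The two forms agree whenever the lookup succeeds; they differ only on the "lookup failed" row, which is the case the review is concerned with.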


