Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
cmd/snap-confine: use defensive argument parser #3026
Conversation
Some checks were not successful
stolowski
approved these changes
Mar 14, 2017
Looks very nice, readability is much better than the original. One minor nitpick (a general comment rather) - IMHO it would be good to make even simple if-statements such as:
if (cond)
do_something();
into:
if (cond) {
do_something();
}
It just feels good especially for security-sensitive code (but surely in this particular change it's always followed by die(), so no real risks).
All checks have failed
| + return 1; | ||
| + } | ||
| + // We don't want to handle any other errors, just die if we see one. | ||
| + sc_die_on_error(err); |
niemeyer
Mar 14, 2017
•
Edited 1 time
-
niemeyer
Mar 14, 2017
Contributor
Edited 1 time
-
Mar 14, 2017
This should be something like this instead:
err = sc_parse_args(&argc, &argv, &args);
sc_die_on_error(err);
The usage error may be an actual error inside the respective logic instead of just a code:
error *usage_error = errorf("Usage: snap-confine <security tag> <executable>")
zyga
added some commits
Mar 14, 2017
Some checks were not successful
continuous-integration/travis-ci/pr
— The Travis CI build could not complete due to an error
Some checks were not successful
All checks have passed
Some checks were not successful
Some checks were not successful
Some checks were not successful
chipaca
approved these changes
May 3, 2017
LGTM. Not sure github will let you land it while gustavo's changes-requested is still there though.
zyga
merged commit b1d7de4
into
snapcore:master
May 9, 2017
6 of 7 checks passed
xenial-amd64
autopkgtest finished (failure)
Details
artful-amd64
autopkgtest finished (success)
Details
continuous-integration/travis-ci/pr
The Travis CI build passed
Details
xenial-i386
autopkgtest finished (success)
Details
xenial-ppc64el
autopkgtest finished (success)
Details
yakkety-amd64
autopkgtest finished (success)
Details
zesty-amd64
autopkgtest finished (success)
Details
zyga
deleted the
zyga:use-arg-parser
branch
May 9, 2017
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
zyga commentedMar 14, 2017
This switches snap-confine to the far more tested and resilient argument
parser. This fixes a possible attack vector where a malicious
application would fork/exec snap-confine with especially crafted
argument vector.
Signed-off-by: Zygmunt Krynicki zygmunt.krynicki@canonical.com