cmd/snap-confine: use defensive argument parser #3026
stolowski approved these changes Mar 14, 2017
Looks very nice, readability is much better than the original. One minor nitpick (a general comment rather) - IMHO it would be good to make even simple if-statements such as:

    if (cond)
        do_something();

into:

    if (cond) {
        do_something();
    }

It just feels good especially for security-sensitive code (but surely in this particular change it's always followed by die(), so no real risks).
| + return 1; | ||
| + } | ||
| + // We don't want to handle any other errors, just die if we see one. | ||
| + sc_die_on_error(err); |
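Review bot: the `return 1;` path and the `sc_die_on_error(err);` path below it handle failure differently, and the comment "just die if we see one" does not say which condition this branch is meant to return on rather than die on; name that condition in the comment and make sure `err` is consumed or released on the early return too, so the two paths cannot diverge into one that exits silently and one that reports.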
niemeyer (Contributor) Mar 14, 2017
This should be something like this instead:

    err = sc_parse_args(&argc, &argv, &args);
    sc_die_on_error(err);

The usage error may be an actual error inside the respective logic instead of just a code:

    error *usage_error = errorf("Usage: snap-confine <security tag> <executable>");
zyga added some commits Mar 14, 2017
chipaca approved these changes May 3, 2017

LGTM. Not sure GitHub will let you land it while Gustavo's changes-requested is still there though.
zyga merged commit b1d7de4 into snapcore:master May 9, 2017
6 of 7 checks passed:
- xenial-amd64: autopkgtest finished (failure)
- artful-amd64: autopkgtest finished (success)
- continuous-integration/travis-ci/pr: The Travis CI build passed
- xenial-i386: autopkgtest finished (success)
- xenial-ppc64el: autopkgtest finished (success)
- yakkety-amd64: autopkgtest finished (success)
- zesty-amd64: autopkgtest finished (success)
zyga deleted the zyga:use-arg-parser branch May 9, 2017
zyga commented Mar 14, 2017

This switches snap-confine to the far more tested and resilient argument parser. This fixes a possible attack vector where a malicious application would fork/exec snap-confine with an especially crafted argument vector.

Signed-off-by: Zygmunt Krynicki zygmunt.krynicki@canonical.com
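The parse-then-die pattern niemeyer sketches above, as an added C example written for this page and not taken from snap-confine: sc_parse_args checks a snap-confine-style argument vector defensively (argc bounds, argv's NULL terminator, an assumed tag character policy, absolute executable path) and returns an error object that sc_die_on_error reports. The struct names, the error type and the tag policy are assumptions, not snapd's own definitions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Error object and constructor, shaped after the errorf()/sc_die_on_error() pattern
 * quoted in the review; names and fields are assumptions, not snap-confine's own. */
struct sc_error { const char *msg; };

static struct sc_error *sc_errorf(const char *msg) {
    struct sc_error *e = calloc(1, sizeof *e);
    if (e == NULL) abort();
    e->msg = msg;
    return e;
}
struct sc_args { const char *security_tag; const char *executable; };

/* Defensive positional-argument parser: every index is checked against argc before
 * argv is dereferenced, argv's NULL terminator is honoured even if argc lies, and
 * any malformed vector yields a usage error instead of being acted on. */
struct sc_error *sc_parse_args(int *argcp, char ***argvp, struct sc_args *args) {
    int argc = *argcp;
    char **argv = *argvp;
    if (argc < 0 || argv == NULL)
        return sc_errorf("invalid argument vector");
    /* argv[0] is the program name; exactly two positional arguments are required. */
    if (argc != 3 || argv[1] == NULL || argv[2] == NULL)
        return sc_errorf("Usage: snap-confine <security tag> <executable>");
    const char *tag = argv[1], *exe = argv[2];
    /* Assumed tag policy: non-empty, bounded, and limited to a safe character set. */
    if (tag[0] == '\0' || strlen(tag) > 256 ||
        strspn(tag, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-") != strlen(tag))
        return sc_errorf("security tag is empty, too long or contains forbidden characters");
    if (exe[0] != '/')
        return sc_errorf("executable must be an absolute path");
    args->security_tag = tag;
    args->executable = exe;
    *argcp -= 2;  /* the two positional arguments are consumed */
    *argvp += 2;
    return NULL;
}

/* Report the error and exit; a NULL error is a no-op so callers can chain parse-then-die. */
void sc_die_on_error(struct sc_error *err) {
    if (err == NULL)
        return;
    fprintf(stderr, "%s\n", err->msg);
    free(err);
    exit(1);
}
```

A caller mirrors niemeyer's sketch: `err = sc_parse_args(&argc, &argv, &args); sc_die_on_error(err);` and only then touches `args`.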