From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([208.118.235.92]:34207) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TLzHL-0002MW-8Y for qemu-devel@nongnu.org; Wed, 10 Oct 2012 12:37:04 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1TLzHJ-0003mz-UJ for qemu-devel@nongnu.org; Wed, 10 Oct 2012 12:37:03 -0400 Message-ID: <5075A420.10003@redhat.com> Date: Wed, 10 Oct 2012 18:36:48 +0200 From: Paolo Bonzini MIME-Version: 1.0 References: <1349868762-10021-1-git-send-email-pbonzini@redhat.com> <50759EEC.8070308@weilnetz.de> <50759F9E.3060800@redhat.com> <5075A0FF.3080904@weilnetz.de> In-Reply-To: <5075A0FF.3080904@weilnetz.de> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Subject: Re: [Qemu-devel] [PATCH] virtfs-proxy-helper: check return code of setfsgid/setfsuid List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Stefan Weil Cc: qemu-trivial@nongnu.org, qemu-devel@nongnu.org Il 10/10/2012 18:23, Stefan Weil ha scritto: > < 0 would be wrong because it looks like both functions never > return negative values. > I just wrote a small test program (see > below) and called it with different uids with and without root > rights. This pattern should be fine: > > new_uid = setfsuid(uid); > if (new_uid != 0 && new_uid != uid) { > return -1; > } I didn't really care about this case. I assumed that the authors knew what they were doing... What I cared about is: "When glibc determines that the argument is not a valid group ID, it will return -1 and set errno to EINVAL without attempting the system call". I think this would also work: if (setfsuid(uid) < 0 || setfsuid(uid) != uid) { return -1; } but it seems wasteful to do four syscalls instead of two. Paolo