[clang] [clang][analyzer] Add checker 'Security.SetgidSetuidOrder'. (PR #91445)

Donát Nagy via cfe-commits Wed, 08 May 2024 03:34:46 -0700

================
@@ -0,0 +1,170 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,security.SetgidSetuidOrder 
-verify %s
+
+#include "Inputs/system-header-simulator-setgid-setuid.h"
+
+void correct_order() {
+  if (setgid(getgid()) == -1)
+    return;
+  if (setuid(getuid()) == -1)
+    return;
+  if (setgid(getgid()) == -1)
+    return;
----------------
NagyDonat wrote:


Why is this block here? Should this "try to set the gid again" attempt appear 
in normal code?

(I see that this is intentionally allowed in the checker, but it would be good 
to add a short comment that explains the rationale behind this.)

https://github.com/llvm/llvm-project/pull/91445
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][analyzer] Add checker 'Security.SetgidSetuidOrder'. (PR #91445)

Reply via email to