================ @@ -0,0 +1,170 @@ +// RUN: %clang_analyze_cc1 -analyzer-checker=core,security.SetgidSetuidOrder -verify %s + +#include "Inputs/system-header-simulator-setgid-setuid.h" + +void correct_order() { + if (setgid(getgid()) == -1) + return; + if (setuid(getuid()) == -1) + return; + if (setgid(getgid()) == -1) + return; ---------------- NagyDonat wrote:
But why do the SEI-CERT best practices mandate that "this should not be recognized as an error"? Could you briefly explain this in a comment? (E.g. "Special case: calling `setgid(getgid())` after an earlier `setgid(getgid()); setuid(getuid())` combination is legitimate, because it... <why is this good>")

https://github.com/llvm/llvm-project/pull/91445

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
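As an added illustration of the ordering the checker enforces (this is example code, not from the PR or from the test file above): SEI CERT POS36-C requires giving up the group id before the user id, because once a process started as root has called setuid() to a non-root user, a later setgid() to any group other than its real or saved gid is refused with EPERM. The helper below is hypothetical; it drops to a caller-supplied uid/gid in the correct order, confirms the result through geteuid()/getegid(), and sits beside the mis-ordered variant that `security.SetgidSetuidOrder` is meant to flag. When the process is unprivileged and targets its own ids, both variants succeed, which is why `drop_to_real_ids()` can be exercised by any user. The example does not cover the third `setgid(getgid())` call that the comment above asks about.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Hypothetical privilege-dropping helper (added example, not from the PR).
 * Order mandated by SEI CERT POS36-C: group id first, then user id.
 * Returns 0 on success, -1 on failure with errno set by the failing call.
 */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Step 1: give up the group while we still hold the privilege to do so.
     * After the setuid() below, a setgid() to an arbitrary group is refused. */
    if (setgid(gid) == -1)
        return -1;

    /* Step 2: give up the user id. This is the point of no return. */
    if (setuid(uid) == -1)
        return -1;

    /* Step 3: do not trust the return values alone; confirm the effective ids
     * and report a mismatch as a failure so callers can log it. */
    if (geteuid() != uid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/*
 * The ordering security.SetgidSetuidOrder warns about: setuid() before setgid().
 * Started as root with a non-root target, the setgid() call fails with EPERM
 * because the process has already lost the privilege needed to change its group.
 */
int drop_privileges_wrong_order(uid_t uid, gid_t gid)
{
    if (setuid(uid) == -1)
        return -1;
    if (setgid(gid) == -1)   /* EPERM here when the process was root */
        return -1;
    return 0;
}

/* Same shape as correct_order() in the test above, runnable unprivileged:
 * dropping to one's own real ids always succeeds. */
int drop_to_real_ids(void)
{
    return drop_privileges(getuid(), getgid());
}

int main(void)
{
    if (drop_to_real_ids() == -1) {
        fprintf(stderr, "drop_to_real_ids failed: %s\n", strerror(errno));
        return 1;
    }
    printf("running as uid=%u gid=%u (euid=%u egid=%u)\n",
           (unsigned)getuid(), (unsigned)getgid(),
           (unsigned)geteuid(), (unsigned)getegid());
    return 0;
}
```

To see the two orderings diverge, run the binary as root and call `drop_privileges(1000, 1000)` and `drop_privileges_wrong_order(1000, 1000)` in two separate processes: the first succeeds, the second returns -1 with errno EPERM from setgid(). The post-condition check in step 3 is the part a production helper should never skip, since a silently failed drop leaves the process running with more privilege than it believes it has.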