Hi, On Sun, Nov 16, 2014 at 03:31:02PM +0100, David Sommerseth wrote: > From: David Sommerseth <[email protected]> > > The system() call is prone to shell expansions and provides far more > environments variables to the executable run than what is usually > preferred. By moving over to exevce() shell expansions are far more > difficult to achieve and only the OpenVPN provided environment > variables are available.
Since Steffan has ACKed it, I've committed it, but it would be nice if
you could send a followup patch addressing the remaining warnings in
down-root that Steffan pointed out - and maybe reformat these bits to
conform to whatever coding style we agreed to (which this is not :-))...
> +static int
> +run_script(char * const *argv, char * const *envp) {
> + pid_t pid;
> + int ret = 0;
> +
> + pid = fork();
> + if (pid == (pid_t)0) { /* child side */
> + execve(argv[0], argv, envp);
> + fprintf(stderr, "DOWN-ROOT: Failed execute: %s\n", argv[0]);
> + exit(127); /* If execve() fails to run, exit child with exit code 127 */
> + } else if (pid < (pid_t)0 ) {
> + fprintf(stderr, "DOWN-ROOT: Failed to fork child to run %s\n", argv[0]);
> + return -1;
I think this is called "all-mashed-together" style or so :-)
thanks,
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany [email protected]
fax: +49-89-35655025 [email protected]
pgpa1SavqH6Z_.pgp
Description: PGP signature
