Hi, On Sun, Nov 16, 2014 at 03:31:02PM +0100, David Sommerseth wrote: > From: David Sommerseth <dav...@redhat.com> > > The system() call is prone to shell expansions and provides far more > environments variables to the executable run than what is usually > preferred. By moving over to exevce() shell expansions are far more > difficult to achieve and only the OpenVPN provided environment > variables are available.
Since Steffan has ACKed it, I've committed it, but it would be nice if you could send a followup patch addressing the remaining warnings in down-root that Steffan pointed out - and maybe reformat these bits to conform to whatever coding style we agreed to (which this is not :-))... > +static int > +run_script(char * const *argv, char * const *envp) { > + pid_t pid; > + int ret = 0; > + > + pid = fork(); > + if (pid == (pid_t)0) { /* child side */ > + execve(argv[0], argv, envp); > + fprintf(stderr, "DOWN-ROOT: Failed execute: %s\n", argv[0]); > + exit(127); /* If execve() fails to run, exit child with exit code 127 */ > + } else if (pid < (pid_t)0 ) { > + fprintf(stderr, "DOWN-ROOT: Failed to fork child to run %s\n", argv[0]); > + return -1; I think this is called "all-mashed-together" style or so :-) thanks, gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
pgpa1SavqH6Z_.pgp
Description: PGP signature