Steve Grubb wrote: > + uptr->uid = getuid(); > + uptr->gid = getgid(); > + uptr->pid = getpid();
You don't have to do that. The kernel will fill in the fields. If this would not happen then all this wouldn't add any security. > + if (select(http->fd + 1, NULL, &fds, &fds, &tv) < 1 || Don't *EVER* use select. select is subject to 1024 total file descriptors and won't work beyond that. This is the server process which might have more descriptors open. Always use poll and epoll. Same again later on the receive side and earlier in this function before recv. > + sendmsg(http->fd, &msg, 0) == -1) Is the socket in NDELAY mode? If not you shouldn't do this. The select() call might signal one thing but situations might have changed until the sendmsg call. Unlikely but a robust program shouldn't do it. Always use non-blocking sockets and repeat the poll/epoll call (with reduced timeout) in case the send/recv calls fails. It doesn't cost anything to pass MSG_NOSIGNAL to sendmsg. If the other side of the communication is in another process then it's even mandatory. -- ➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖
signature.asc
Description: OpenPGP digital signature
-- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
