|Re: [chrony-dev] [PATCH] Privilege Separation - Version 4 - Add helper process|
[ Thread Index |
| More chrony.tuxfamily.org/chrony-dev Archives
On Fri, Nov 20, 2015 at 11:43:19PM +1300, Bryan Christianson wrote:
> Privileged helper that will perform adjtime(), settimeofday(), bind() on
> behalf of chronyd when running as non-root user.
> Changes since version 3
> 1. No need to clear response struct on fatal error for 2nd time
> 2. Return receive error if file descriptor not found in bind operation
> 3. Conditional compilation for adjtime() call in helper
> 4. Close potentially leaked descriptor if invalid port detected in call to bind.
> 5. Add DEBUG messages for request/response
> 6. Clear request memory before use.
I've made some cosmetic changes in the coding style, function order
and error messages that I thought were not worth requesting another
version. I hope I didn't break anything.
> + cmsg->cmsg_level = SOL_SOCKET;
> + cmsg->cmsg_type = SCM_RIGHTS;
> + cmsg->cmsg_len = CMSG_LEN(sizeof(int));
> + *((int *)CMSG_DATA(cmsg)) = req->u.bind_sock.sock;
It turned out this triggers a compiler warning about strict aliasing.
I'm not sure how can casting char* to int* be a problem, but I've
replaced it with the code from the previous version of the patch,
which the compiler seems to accept with no warning.
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.