[PATCH] D61967: [clang-tidy] Add a close-on-exec check on pipe() in Android module.
Eugene Zelenko via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Wed May 15 16:04:47 PDT 2019
Eugene.Zelenko added inline comments.
================
Comment at: clang-tools-extra/docs/clang-tidy/checks/android-cloexec-pipe.rst:6
+
+The usage of ``pipe()`` is not recommended, it's better to use ``pipe2()``.
+Without this flag, an opened sensitive file descriptor would remain open across
----------------
Please make first sentence same as in Release Notes.
================
Comment at: clang-tools-extra/docs/clang-tidy/checks/android-cloexec-pipe.rst:8
+Without this flag, an opened sensitive file descriptor would remain open across
+a fork+exec to a lower-privileged SELinux domain.
+
----------------
I think will be good idea to highlight fork and exec with double back-ticks.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D61967/new/
https://reviews.llvm.org/D61967
More information about the cfe-commits
mailing list