[clang] [clang][analyzer] Add checker 'security.SetgidSetuidOrder'. (PR #91445)
Balázs Kéri via cfe-commits
cfe-commits at lists.llvm.org
Fri May 10 09:15:19 PDT 2024
================
@@ -0,0 +1,170 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,security.SetgidSetuidOrder -verify %s
+
+#include "Inputs/system-header-simulator-setgid-setuid.h"
+
+void correct_order() {
+ if (setgid(getgid()) == -1)
+ return;
+ if (setuid(getuid()) == -1)
+ return;
+ if (setgid(getgid()) == -1)
+ return;
----------------
balazske wrote:
Here is a sequence of `setuid(getuid())` and `setgid(getgid())` in the code, but still this should be not recognized as error.
https://github.com/llvm/llvm-project/pull/91445
More information about the cfe-commits
mailing list