[LLVMbugs] [Bug 13979] New: False positive: setuid(getuid());
bugzilla-daemon at llvm.org
Sun Sep 30 15:44:51 PDT 2012
http://llvm.org/bugs/show_bug.cgi?id=13979
Bug #: 13979
Summary: False positive: setuid(getuid());
Product: clang
Version: trunk
Platform: PC
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P
Component: Static Analyzer
AssignedTo: kremenek at apple.com
ReportedBy: erik at cederstrand.dk
CC: llvmbugs at cs.uiuc.edu
Classification: Unclassified
See this report:
http://scan.freebsd.your.org/freebsd-head/sbin.ping/2012-09-30-amd64/report-R9ZgC6.html#EndPath
I agree that generally, one should check the return value of setuid. However,
in this specific case the program runs as SUID root and the code simply drops
privileges to the real user ID. This should always succeed, as the user is
always allowed to change privileges to itself.
I believe that this is a common pattern. I suggest silencing the warning when
the argument to setuid is the value of getuid.
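The privilege-drop pattern this report discusses, written so that the return value of setuid is checked and the drop is then verified, is shown below as an added example; it is not code from the report, from ping, or from the analyzer. The function name `drop_to_real_user` is hypothetical, and the group handling goes beyond the single `setuid(getuid())` call named in the report.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: permanently drop set-ID privileges to the real user.
 * Returns 0 on success, -1 on failure (errno comes from the failing call,
 * or is EPERM when the drop turned out to be incomplete or reversible). */
int drop_to_real_user(void)
{
    const uid_t ruid = getuid(), old_euid = geteuid();
    const gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: once the effective UID is no longer 0 the process
     * may not be permitted to change its group IDs any more. */
    if (setgid(rgid) != 0)
        return -1;
    /* The call from the report, with its return value checked. */
    if (setuid(ruid) != 0)
        return -1;

    /* The effective IDs must now equal the real IDs. */
    if (geteuid() != ruid || getegid() != rgid) {
        errno = EPERM;
        return -1;
    }
    /* If there was something to drop, getting it back must fail.
     * Success here means a saved ID survived the drop. */
    if ((old_euid != ruid && setuid(old_euid) == 0) ||
        (old_egid != rgid && setgid(old_egid) == 0)) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    if (drop_to_real_user() != 0) {
        fprintf(stderr, "privilege drop failed: %s\n", strerror(errno));
        return 1; /* fail closed: do not continue with elevated IDs */
    }
    printf("uid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    return 0;
}
```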