[LLVMbugs] [Bug 13979] New: False positive: setuid(getuid());

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Sun Sep 30 15:44:51 PDT 2012


             Bug #: 13979
           Summary: False positive: setuid(getuid());
           Product: clang
           Version: trunk
          Platform: PC
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: Static Analyzer
        AssignedTo: kremenek at apple.com
        ReportedBy: erik at cederstrand.dk
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified

See this report:

I agree that generally, one should check the return value of setuid. However,
in this specific case the program runs as SUID root and the code simply drops
privileges to the real user ID. This should always succeed, as the user is
always allowed to change privileges to itself. 

I believe that this is a common pattern. I suggest to slience the warning when
the argument to setuid is the value of getuid.

Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the llvm-bugs mailing list