Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Safety comments: PR2 #864

Merged
merged 10 commits into from
Oct 22, 2024
Merged

Safety comments: PR2 #864

merged 10 commits into from
Oct 22, 2024

Conversation

squell
Copy link
Member

@squell squell commented Sep 2, 2024

This is related to PR #860. Together with that PR it will close #861.

This PR also refactors some code in the signal handling, since there was code duplication going.

There are 3 missing unsafe statements after this:

  • 1 in exec (related to pre_exec)
  • 2 in system (related to fork and pre_exec)

Anything relating to fork and pre_exec probably needs special attention so I did not annotate those yet; for those please refer to issue #863

There are also two unsafe statements in the visudo module, but that is handled by issue #859.

@squell squell changed the title Safety comments 2 Safety comments: PR2 Sep 2, 2024
@squell squell force-pushed the safety-comments-2 branch 2 times, most recently from 70a8cdd to d0259ae Compare September 3, 2024 00:02
pvdrz
pvdrz previously requested changes Sep 26, 2024
src/system/term/user_term.rs Outdated Show resolved Hide resolved
src/system/term/user_term.rs Outdated Show resolved Hide resolved
@squell squell dismissed pvdrz’s stale review October 7, 2024 15:33

changes incorporated

@squell squell force-pushed the safety-comments-2 branch 2 times, most recently from 4510210 to 641854e Compare October 7, 2024 20:41
src/system/signal/info.rs Outdated Show resolved Hide resolved
Copy link
Collaborator

@bjorn3 bjorn3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've looked through the entire PR now. I've got a couple of comments, but other than that LGTM.

src/system/term/mod.rs Outdated Show resolved Hide resolved
src/system/term/mod.rs Outdated Show resolved Hide resolved
src/system/term/mod.rs Outdated Show resolved Hide resolved
src/system/term/user_term.rs Show resolved Hide resolved
src/system/term/user_term.rs Outdated Show resolved Hide resolved
src/system/term/user_term.rs Outdated Show resolved Hide resolved
src/system/term/user_term.rs Outdated Show resolved Hide resolved
@squell squell force-pushed the safety-comments-2 branch 2 times, most recently from 5eb18ad to 833774d Compare October 14, 2024 12:41
@squell squell force-pushed the safety-comments-2 branch 2 times, most recently from ac3fe22 to cdd29a7 Compare October 22, 2024 08:16
squell and others added 10 commits October 22, 2024 11:08
- it was incorrect to label tcsetattr_nobg as a safe fn
- clarify why the signal handler is safe
The si_pid field would be logged even when it is uninitialized. It also
obvious that it isn't possible to trick sudo into thinking that the
signal it received was from itself due to the uninitialized value
it's own pid by chance. This is not possible as the check is prefixed by
is_user_signaled and all signals where is_user_signaled are true have
si_pid initialized. Using an option ensures that this check is never
forgotten.
@squell squell enabled auto-merge October 22, 2024 09:09
@squell squell merged commit 6872e4b into main Oct 22, 2024
13 checks passed
@squell squell deleted the safety-comments-2 branch October 22, 2024 09:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Add missing SAFETY comments relating to libc calls.
3 participants