惠轶群 <huiyi...@gmail.com> writes:

>> There's a lot of "what" here that the caller doesn't really care about,
>> and which may go stale with respect to the implementation over time. Can
>> we make something more succinct like:
>>
>>   /*
>>    * Return a path suitable for writing run-time files related to git,
>>    * or NULL if no such path can be established. The resulting string
>>    * should be freed by the caller.
>>    */
>>
>> ?
>
> That's clearer, but if I were the caller, I would worry about the
> security of the path.
> How about adding:
>
> The security of the path is ensured by file permission.

Is "by file permission" descriptive enough?

To protect /a/b/c/socket, what filesystem entities have the right
permission bits set?  If the parent directory is writable by an
attacker, the permission bits on 'socket' itself may not matter, as
the attacker can rename it away and create a new one herself, for
example.

> I will deal with it.
>
> I find there are some similar leaks in this file. I'll fix them in
> another patch.
>
> Do you think we need some additional comments for the release of strbuf?

As Documentation/technical/api-strbuf.txt has this, I think we are
already OK.

`strbuf_release`::

        Release a string buffer and the memory it used. You should not use the
        string buffer after using this function, unless you initialize it again.

--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

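The "which filesystem entities need the right bits" question above, worked through in code. This is an added example written for this page, not code from git or from anyone in this thread; the function names (check_runtime_dir, ensure_runtime_dir, check_ancestors, scenario) are made up for the illustration, and the scenario() fixture builds its own throwaway directories under $TMPDIR (default /tmp) so the program runs stand-alone. It checks the directory that will hold the socket (ours, no group/other bits, not a symlink) and then every ancestor (root- or self-owned, and either not writable by others or sticky like /tmp), which is the part the socket's own mode bits cannot buy you.

```c
/*
 * Added example (not git's own code): is a directory a safe place for a
 * run-time file such as a UNIX-domain socket?  The socket's own mode bits
 * do not protect it; the directory holding it, and the directories above
 * that, must not let anyone else rename or replace entries.
 */
#define _GNU_SOURCE
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

#ifndef S_ISVTX
#define S_ISVTX 01000
#endif

enum dir_check {
	DIR_OK = 0,
	DIR_MISSING,        /* lstat/mkdir failed */
	DIR_NOT_DIRECTORY,  /* plain file or symlink: could be redirected */
	DIR_WRONG_OWNER,    /* its owner could chmod it open later */
	DIR_TOO_OPEN        /* others can create/rename entries in it */
};

/* The directory that will directly contain the socket: private to us. */
enum dir_check check_runtime_dir(const char *dir)
{
	struct stat st;

	if (lstat(dir, &st) < 0)        /* lstat: never follow a symlink */
		return DIR_MISSING;
	if (!S_ISDIR(st.st_mode))
		return DIR_NOT_DIRECTORY;
	if (st.st_uid != geteuid())
		return DIR_WRONG_OWNER;
	if (st.st_mode & (S_IRWXG | S_IRWXO))
		return DIR_TOO_OPEN;
	return DIR_OK;
}

/* mkdir 0700 first, verify afterwards: a loose directory or a symlink
 * pre-planted at that name makes mkdir fail with EEXIST and is rejected. */
enum dir_check ensure_runtime_dir(const char *dir)
{
	if (mkdir(dir, 0700) < 0 && errno != EEXIST)
		return DIR_MISSING;
	return check_runtime_dir(dir);
}

/*
 * Every ancestor of 'dir' (absolute, symlink-free, e.g. realpath() output)
 * must be a directory owned by root or by us that others cannot write to,
 * or that has the sticky bit so only an entry's owner may rename it (/tmp).
 */
enum dir_check check_ancestors(const char *dir)
{
	char buf[PATH_MAX];

	if (dir[0] != '/' || strlen(dir) >= sizeof(buf))
		return DIR_MISSING;
	strcpy(buf, dir);
	for (;;) {
		struct stat st;
		const char *parent;

		*strrchr(buf, '/') = '\0';      /* drop the last component */
		parent = buf[0] ? buf : "/";
		if (lstat(parent, &st) < 0)
			return DIR_MISSING;
		if (!S_ISDIR(st.st_mode))
			return DIR_NOT_DIRECTORY;
		if (st.st_uid != 0 && st.st_uid != geteuid())
			return DIR_WRONG_OWNER;
		if ((st.st_mode & (S_IWGRP | S_IWOTH)) && !(st.st_mode & S_ISVTX))
			return DIR_TOO_OPEN;
		if (!buf[0])
			return DIR_OK;          /* "/" was the last one checked */
	}
}

/* Constructed fixture for this example: build one situation from the
 * discussion under $TMPDIR (default /tmp), run the check, clean up. */
enum dir_check scenario(int which)
{
	const char *tmp = getenv("TMPDIR");
	char base[PATH_MAX], target[PATH_MAX], evil[PATH_MAX];
	enum dir_check rc;

	snprintf(base, sizeof(base), "%s/rtdir-XXXXXX", tmp ? tmp : "/tmp");
	if (!mkdtemp(base))                     /* mode 0700, owned by us */
		return DIR_MISSING;
	snprintf(target, sizeof(target), "%s/sock.d", base);
	snprintf(evil, sizeof(evil), "%s/evil.d", base);

	switch (which) {
	case 0:         /* nothing there yet: create privately, then verify */
		rc = ensure_runtime_dir(target);
		break;
	case 1:         /* a 0755 directory already sits at that name */
		(void)mkdir(target, 0755); (void)chmod(target, 0755);
		rc = ensure_runtime_dir(target);
		break;
	case 2:         /* a symlink at that name points into another dir */
		(void)mkdir(evil, 0700); (void)symlink(evil, target);
		rc = ensure_runtime_dir(target);
		break;
	case 3:         /* our dir is fine, but its parent is 0777 */
		(void)mkdir(target, 0700); (void)chmod(base, 0777);
		rc = check_ancestors(target);
		break;
	default:        /* parent is 1777: world-writable but sticky, like /tmp */
		(void)mkdir(target, 0700); (void)chmod(base, 01777);
		rc = check_ancestors(target);
		break;
	}
	(void)unlink(target); (void)rmdir(target); (void)rmdir(evil); (void)rmdir(base);
	return rc;
}

int main(void)
{
	static const char *names[] = { "ok", "missing", "not a directory",
				       "wrong owner", "too open" };
	for (int i = 0; i < 5; i++)
		printf("scenario %d: %s\n", i, names[scenario(i)]);
	return 0;
}
```

Scenario 3 is Junio's case: sock.d itself is 0700 and owned by us, yet the check fails because anyone who can write the parent can rename sock.d away and put their own in its place. Scenario 4 shows why /tmp-style sticky directories are tolerated: others may create entries there but cannot rename or unlink ours. The check is still a snapshot; to close the remaining race, open the verified directory and operate on the socket relative to that descriptor (openat-style) rather than by full path.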