The single = in an if statement is a classical C novice mistake - and one that the most experienced programmers still need to watch out for. In this case, I doubt that it was a mistake. If (current->uid == 0) was intended, it would mean that root was exempt from the check for redundant flags. I'm no Linux expert, but it's hard to imagine any reason for that.

Because it's a classical mistake, it wouldn't have survived long in the source code anyhow. Lint or any similar code-checker would flag it. Anyone with much C experience who really read through the code should also notice it, although somehow the way this statement is written helps keep the suspicious single = from jumping right out of the page at you. (I can only assume that the guy who noticed the unauthorized change to the source was too focused on the issue of unauthorized changes to really read the change.)

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/7388/23747#23747