New upstream version 1.0.4

author: Guido Günther <agx@sigxcpu.org> 2013-04-01 13:01:27 +0200
committer: Guido Günther <agx@sigxcpu.org> 2013-04-01 13:01:27 +0200
commit: 95adca0059888a2aa16cd9330cfa7cc22b8cf11f (patch)
tree: c19f64b014cf59b50e9074005efc9cedee2c809d /cfg.mk
parent: 38c4d9a9e76351aa84be4c4cfd85faf0c016575a (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/cfg.mk b/cfg.mk
index b95a90b1e..394521e47 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -389,6 +389,12 @@ sc_prohibit_setuid:
 	halt='use virSetUIDGID, not raw set*id'				\
 	  $(_sc_search_regexp)
 
+# Don't compare *id_t against raw -1.
+sc_prohibit_risky_id_promotion:
+	@prohibit='\b(user|group|[ug]id) *[=!]= *-'			\
+	halt='cast -1 to ([ug]id_t) before comparing against id'	\
+	  $(_sc_search_regexp)
+
 # Use snprintf rather than s'printf, even if buffer is provably large enough,
 # since gnulib has more guarantees for snprintf portability
 sc_prohibit_sprintf:
author	Guido Günther <agx@sigxcpu.org>	2013-04-01 13:01:27 +0200
committer	Guido Günther <agx@sigxcpu.org>	2013-04-01 13:01:27 +0200
commit	95adca0059888a2aa16cd9330cfa7cc22b8cf11f (patch)
tree	c19f64b014cf59b50e9074005efc9cedee2c809d /cfg.mk
parent	38c4d9a9e76351aa84be4c4cfd85faf0c016575a (diff)