Running: /home/sarnold/bin/audit-code.sh -c C ./
== subprocess_spawned() ==
./preload/clickpreload.c:173: * except to be executed with /bin/sh. Chrooting for this causes more
./preload/clickpreload.c:182:int execvp (const char *file, char * const argv[])
./pk-plugin/pk-plugin-click.c:302: ret = g_spawn_sync (NULL, argv, envp, G_SPAWN_SEARCH_PATH,
./pk-plugin/pk-plugin-click.c:307: if (!g_spawn_check_exit_status (click_status, NULL)) {
./pk-plugin/pk-plugin-click.c:529: ret = g_spawn_sync (NULL, argv, envp,
./pk-plugin/pk-plugin-click.c:535: if (!g_spawn_check_exit_status (click_status, NULL)) {
./click/tests/preload.h:69:gboolean g_spawn_sync (const gchar *working_directory,
== memory_management() ==
./pk-plugin/pk-plugin-click.c:214: buf = g_malloc (buflen);
./pk-plugin/pk-plugin-click.c:229: buf = g_realloc (buf, buflen);
./pk-plugin/pk-plugin-click.c:414: elements = g_new0 (gchar *, n_elements);
./preload/clickpreload.c:298:FILE *fopen (const char *pathname, const char *mode)
./preload/clickpreload.c:309: return fdopen (dup_fd, mode);
./preload/clickpreload.c:329: return fdopen (dup_fd, mode);
./preload/clickpreload.c:338:int open (const char *pathname, int flags, ...)
./preload/clickpreload.c:68: if (dlerror ()) \
./preload/clickpreload.c:77: dlerror ();
./pk-plugin/pk-plugin-click.c:269:click_pk_error (PkPlugin *plugin, PkErrorEnum code,
./pk-plugin/pk-plugin-click.c:310: click_pk_error (plugin, PK_ERROR_ENUM_INTERNAL_ERROR,
./pk-plugin/pk-plugin-click.c:377: click_pk_error (plugin, PK_ERROR_ENUM_INTERNAL_ERROR,
./pk-plugin/pk-plugin-click.c:384: click_pk_error (plugin, PK_ERROR_ENUM_INTERNAL_ERROR,
./pk-plugin/pk-plugin-click.c:538: click_pk_error (plugin,
./pk-plugin/pk-plugin-click.c:577: g_debug ("Click: installing %s", filenames[i]);
./pk-plugin/pk-plugin-click.c:639: g_error ("Click: cannot remove packages without a username");
./pk-plugin/pk-plugin-click.c:643: g_error ("Click: cannot parse package ID '%s'", package_id);
./pk-plugin/pk-plugin-click.c:652: click_pk_error (plugin, PK_ERROR_ENUM_PACKAGE_FAILED_TO_REMOVE,
./pk-plugin/pk-plugin-click.c:661: click_pk_error (plugin, PK_ERROR_ENUM_PACKAGE_FAILED_TO_REMOVE,
./pk-plugin/pk-plugin-click.c:670: click_pk_error (plugin, PK_ERROR_ENUM_PACKAGE_FAILED_TO_REMOVE,
./pk-plugin/pk-plugin-click.c:678: click_pk_error (plugin, PK_ERROR_ENUM_PACKAGE_FAILED_TO_REMOVE,
./pk-plugin/pk-plugin-click.c:685: click_pk_error (plugin, PK_ERROR_ENUM_PACKAGE_FAILED_TO_REMOVE,
./pk-plugin/pk-plugin-click.c:692: click_pk_error (plugin, PK_ERROR_ENUM_PACKAGE_FAILED_TO_REMOVE,
./pk-plugin/pk-plugin-click.c:721: g_debug ("Click: removing %s", package_ids[i]);
./pk-plugin/pk-plugin-click.c:743: g_debug ("Found package: %s", package_id);
./pk-plugin/pk-plugin-click.c:867: g_debug ("Processing transaction");
./preload/clickpreload.c:104: base_path = getenv ("CLICK_BASE_DIR");
./preload/clickpreload.c:107: package_path = getenv ("CLICK_PACKAGE_PATH");
./preload/clickpreload.c:108: package_fd_str = getenv ("CLICK_PACKAGE_FD");
./pk-plugin/pk-plugin-click.c:253: environ = g_get_environ ();
./preload/clickpreload.c:115:int chown (const char *path, uid_t owner, gid_t group)
./preload/clickpreload.c:125:int fchown (int fd, uid_t owner, gid_t group)
./preload/clickpreload.c:135:int lchown (const char *path, uid_t owner, gid_t group)
./preload/clickpreload.c:176:int chroot (const char *path)
./preload/clickpreload.c:269:int mknod (const char *pathname, mode_t mode, dev_t dev)
./preload/clickpreload.c:427:int chmod (const char *path, mode_t mode)
./preload/clickpreload.c:437:int fchmod (int fd, mode_t mode)
./click/tests/preload.h:13:extern int chown (const char *file, uid_t owner, gid_t group);
./pk-plugin/pk-plugin-click.c:647: click_db_read (db, NULL, &error);
./preload/clickpreload.c:14: * along with this program. If not, see <http://www.gnu.org/licenses/>.
./pk-plugin/pk-plugin-click.c:17: * along with this program. If not, see <http://www.gnu.org/licenses/>.
./preload/clickpreload.c:184: if (strcmp (file, "/.click/tmp.ci/preinst") == 0)
== priv_cmds (sudo, gksu, pkexec) ==
== comments (XXX, FIXME, TODO) ==
./pk-plugin/pk-plugin-click.c:218: /* TODO: getpwuid_r is apparently a portability headache;
./pk-plugin/pk-plugin-click.c:228: buflen *= 2; /* TODO: check overflow */
./pk-plugin/pk-plugin-click.c:526: /* TODO: make --force-missing-framework configurable */
./pk-plugin/pk-plugin-click.c:696: /* TODO: remove data? */
./pk-plugin/pk-plugin-click.c:881: /* TODO: Simulation needs to be smarter - backend
./pk-plugin/pk-plugin-click.c:899: /* TODO: Handle simulation? */
== unsafe input mechanisms ==