1berry/qtbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Doc: clean up the QProcess::setChildProcessModifier example

Browse Source 
- Use nullptr instead of 0
- Pass directory to chroot that is not in /etc
- Set umask to a sensible value (0 is insecure)

Change-Id: I1dba29bc0f454df09ca1fffd161801257f9ccb3c
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
This commit is contained in:
Thiago Macieira 2020-06-12 21:48:48 -07:00
parent ace19063cb
commit da77cfb4a6
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/corelib/doc/snippets/code/src_corelib_io_qprocess.cpp
View File

@ -96,12 +96,12 @@ void runSandboxed(const QString &name, const QStringList &arguments)
proc.setChildProcessModifier([] { proc.setChildProcessModifier([] {
// Drop all privileges in the child process, and enter // Drop all privileges in the child process, and enter
// a chroot jail. // a chroot jail.
::setgroups(0, 0); ::setgroups(0, nullptr);
::chroot("/etc/safe"); ::chroot("/run/safedir");
::chdir("/"); ::chdir("/");
::setgid(safeGid); ::setgid(safeGid);
::setuid(safeUid); ::setuid(safeUid);
::umask(0); ::umask(077);
}); });
proc.start(name, arguments); proc.start(name, arguments);
proc.waitForFinished(); proc.waitForFinished();