Check the return error of set[e][ug]id. While this can never fail in the

current version of FreeBSD, this isn't guarenteed by the API. Custom security modules, or future implementations of the setuid and setgid may fail. Submitted by: Erik Cederstrand Approved by: cperciva MFC after: 3 days
svn path=/head/; revision=241848
2012-10-22 03:07:05 +00:00 · 2012-10-22 03:07:05 +00:00 · 50e04779c4 · 2020-12-20 02:59:44 +00:00
commit 50e04779c4
parent c969ca9408
8 changed files with 29 additions and 11 deletions
--- a/libexec/tftpd/tftpd.c
+++ b/libexec/tftpd/tftpd.c
@ -371,7 +371,10 @@ main(int argc, char *argv[])
 		}
 		chdir("/");
 		setgroups(1, &nobody->pw_gid);
-		setuid(nobody->pw_uid);
+		if (setuid(nobody->pw_uid) != 0) {
+			tftp_log(LOG_ERR, "setuid failed");
+			exit(1);
+		}
 	}

 	len = sizeof(me_sock);
--- a/sbin/ccdconfig/ccdconfig.c
+++ b/sbin/ccdconfig/ccdconfig.c
@ -288,13 +288,16 @@ do_all(int action)

 	rval = 0;
 	egid = getegid();
-	setegid(getgid());
+	if (setegid(getgid()) != 0)
+		err(1, "setegid failed");
 	if ((f = fopen(ccdconf, "r")) == NULL) {
-		setegid(egid);
+		if (setegid(egid) != 0)
+			err(1, "setegid failed");
 		warn("fopen: %s", ccdconf);
 		return (1);
 	}
-	setegid(egid);
+	if (setegid(egid) != 0)
+		err(1, "setegid failed");

 	while (fgets(line, sizeof(line), f) != NULL) {
 		argc = 0;
--- a/sbin/restore/tape.c
+++ b/sbin/restore/tape.c
@ -164,7 +164,11 @@ setinput(char *source, int ispipecommand)
 		}
 		pipein++;
 	}
-	setuid(getuid());	/* no longer need or want root privileges */
+	/* no longer need or want root privileges */
+	if (setuid(getuid()) != 0) {
+		fprintf(stderr, "setuid failed\n");
+		done(1);
+	}
 	magtape = strdup(source);
 	if (magtape == NULL) {
 		fprintf(stderr, "Cannot allocate space for magtape buffer\n");
--- a/usr.bin/lock/lock.c
+++ b/usr.bin/lock/lock.c
@ -129,7 +129,9 @@ main(int argc, char **argv)
 		}
 	timeout.tv_sec = sectimeout * 60;

-	setuid(getuid());		/* discard privs */
+	/* discard privs */
+	if (setuid(getuid()) != 0)
+		errx(1, "setuid failed");

 	if (tcgetattr(0, &tty))		/* get information for header */
 		exit(1);
--- a/usr.bin/msgs/msgs.c
+++ b/usr.bin/msgs/msgs.c
@ -175,7 +175,8 @@ main(int argc, char *argv[])
 	setlocale(LC_ALL, "");

 	time(&t);
-	setuid(uid = getuid());
+	if (setuid(uid = getuid()) != 0)
+		err(1, "setuid failed");
 	ruptible = (signal(SIGINT, SIG_IGN) == SIG_DFL);
 	if (ruptible)
 		signal(SIGINT, SIG_DFL);
--- a/usr.bin/wall/wall.c
+++ b/usr.bin/wall/wall.c
@ -240,7 +240,8 @@ makemsg(char *fname)
 		setegid(getgid());
 		if (freopen(fname, "r", stdin) == NULL)
 			err(1, "can't read %s", fname);
-		setegid(egid);
+		if (setegid(egid) != 0)
+			err(1, "setegid failed");
 	}
 	cnt = 0;
 	while (fgetws(lbuf, sizeof(lbuf)/sizeof(wchar_t), stdin)) {
--- a/usr.sbin/edquota/edquota.c
+++ b/usr.sbin/edquota/edquota.c
@ -453,8 +453,10 @@ editit(char *tmpf)
 		const char *ed;

 		sigsetmask(omask);
-		setgid(getgid());
-		setuid(getuid());
+		if (setgid(getgid()) != 0)
+			err(1, "setgid failed");
+		if (setuid(getuid()) != 0)
+			err(1, "setuid failed");
 		if ((ed = getenv("EDITOR")) == (char *)0)
 			ed = _PATH_VI;
 		execlp(ed, ed, tmpf, (char *)0);
--- a/usr.sbin/kgmon/kgmon.c
+++ b/usr.sbin/kgmon/kgmon.c
@ -90,7 +90,9 @@ main(int argc, char **argv)
 	struct kvmvars kvmvars;
 	char *system, *kmemf;

-	seteuid(getuid());
+	if (seteuid(getuid()) != 0) {
+		err(1, "seteuid failed\n");
+	}
 	kmemf = NULL;
 	system = NULL;
 	while ((ch = getopt(argc, argv, "M:N:Bbhpr")) != -1) {