o Better be safe than sorry: check return code from setuid(2),

setgid(2), setlogin(2) and initgroups(3).  In theory they could
fail for root with some third party mac(4) policies.

Submitted by:	Kostik Belousov
MFC after:	1 month

usr.sbin/cron/cron/do_command.c

@@ -245,12 +245,29 @@ child_process(e, u)
 			/* set our directory, uid and gid.  Set gid first,
 			 * since once we set uid, we've lost root privledges.
 			 */
-			setgid(e->gid);
+			if (setgid(e->gid) != 0) {
+				log_it(usernm, getpid(),
+				    "error", "setgid failed");
+				exit(ERROR_EXIT);
+			}
 # if defined(BSD)
-			initgroups(usernm, e->gid);
+			if (initgroups(usernm, e->gid) != 0) {
+				log_it(usernm, getpid(),
+				    "error", "initgroups failed");
+				exit(ERROR_EXIT);
+			}
 # endif
-			setlogin(usernm);
-			setuid(e->uid);		/* we aren't root after this..*/
+			if (setlogin(usernm) != 0) {
+				log_it(usernm, getpid(),
+				    "error", "setlogin failed");
+				exit(ERROR_EXIT);
+			}
+			if (setuid(e->uid) != 0) {
+				log_it(usernm, getpid(),
+				    "error", "setuid failed");
+				exit(ERROR_EXIT);
+			}
+			/* we aren't root after this..*/
 #if defined(LOGIN_CAP)
 		}
 		if (lc != NULL)

usr.sbin/cron/cron/popen.c

@@ -175,12 +175,17 @@ cron_popen(program, type, e)
 				/* set our directory, uid and gid.  Set gid first,
 				 * since once we set uid, we've lost root privledges.
 				 */
-				setgid(e->gid);
+				if (setgid(e->gid) != 0)
+					_exit(ERROR_EXIT);
 # if defined(BSD)
-				initgroups(usernm, e->gid);
+				if (initgroups(usernm, e->gid) != 0)
+					_exit(ERROR_EXIT);
 # endif
-				setlogin(usernm);
-				setuid(e->uid);         /* we aren't root after this..*/
+				if (setlogin(usernm) != 0)
+					_exit(ERROR_EXIT);
+				if (setuid(e->uid) != 0)
+					_exit(ERROR_EXIT);
+				/* we aren't root after this..*/
 #if defined(LOGIN_CAP)
 			}
 			if (lc != NULL)