Check the return error of set[e][ug]id. While this can never fail in the

current version of FreeBSD, this isn't guarenteed by the API.
Custom security modules, or future implementations of the setuid and
setgid may fail.

Submitted by:	Erik Cederstrand
Approved by:	cperciva
MFC after:	3 days
This commit is contained in:
Eitan Adler 2012-10-22 03:07:05 +00:00
parent c969ca9408
commit 50e04779c4
8 changed files with 29 additions and 11 deletions

View File

@ -371,7 +371,10 @@ main(int argc, char *argv[])
}
chdir("/");
setgroups(1, &nobody->pw_gid);
setuid(nobody->pw_uid);
if (setuid(nobody->pw_uid) != 0) {
tftp_log(LOG_ERR, "setuid failed");
exit(1);
}
}
len = sizeof(me_sock);

View File

@ -288,13 +288,16 @@ do_all(int action)
rval = 0;
egid = getegid();
setegid(getgid());
if (setegid(getgid()) != 0)
err(1, "setegid failed");
if ((f = fopen(ccdconf, "r")) == NULL) {
setegid(egid);
if (setegid(egid) != 0)
err(1, "setegid failed");
warn("fopen: %s", ccdconf);
return (1);
}
setegid(egid);
if (setegid(egid) != 0)
err(1, "setegid failed");
while (fgets(line, sizeof(line), f) != NULL) {
argc = 0;

View File

@ -164,7 +164,11 @@ setinput(char *source, int ispipecommand)
}
pipein++;
}
setuid(getuid()); /* no longer need or want root privileges */
/* no longer need or want root privileges */
if (setuid(getuid()) != 0) {
fprintf(stderr, "setuid failed\n");
done(1);
}
magtape = strdup(source);
if (magtape == NULL) {
fprintf(stderr, "Cannot allocate space for magtape buffer\n");

View File

@ -129,7 +129,9 @@ main(int argc, char **argv)
}
timeout.tv_sec = sectimeout * 60;
setuid(getuid()); /* discard privs */
/* discard privs */
if (setuid(getuid()) != 0)
errx(1, "setuid failed");
if (tcgetattr(0, &tty)) /* get information for header */
exit(1);

View File

@ -175,7 +175,8 @@ main(int argc, char *argv[])
setlocale(LC_ALL, "");
time(&t);
setuid(uid = getuid());
if (setuid(uid = getuid()) != 0)
err(1, "setuid failed");
ruptible = (signal(SIGINT, SIG_IGN) == SIG_DFL);
if (ruptible)
signal(SIGINT, SIG_DFL);

View File

@ -240,7 +240,8 @@ makemsg(char *fname)
setegid(getgid());
if (freopen(fname, "r", stdin) == NULL)
err(1, "can't read %s", fname);
setegid(egid);
if (setegid(egid) != 0)
err(1, "setegid failed");
}
cnt = 0;
while (fgetws(lbuf, sizeof(lbuf)/sizeof(wchar_t), stdin)) {

View File

@ -453,8 +453,10 @@ editit(char *tmpf)
const char *ed;
sigsetmask(omask);
setgid(getgid());
setuid(getuid());
if (setgid(getgid()) != 0)
err(1, "setgid failed");
if (setuid(getuid()) != 0)
err(1, "setuid failed");
if ((ed = getenv("EDITOR")) == (char *)0)
ed = _PATH_VI;
execlp(ed, ed, tmpf, (char *)0);

View File

@ -90,7 +90,9 @@ main(int argc, char **argv)
struct kvmvars kvmvars;
char *system, *kmemf;
seteuid(getuid());
if (seteuid(getuid()) != 0) {
err(1, "seteuid failed\n");
}
kmemf = NULL;
system = NULL;
while ((ch = getopt(argc, argv, "M:N:Bbhpr")) != -1) {