Check the return error of set[e][ug]id. While this can never fail in the

current version of FreeBSD, this isn't guarenteed by the API.
Custom security modules, or future implementations of the setuid and
setgid may fail.

Submitted by:	Erik Cederstrand
Approved by:	cperciva
MFC after:	3 days

8 files changed, 29 insertions, 11 deletions

diff --git a/libexec/tftpd/tftpd.c b/libexec/tftpd/tftpd.c
index 7363abf..a0010b3 100644
--- a/libexec/tftpd/tftpd.c
+++ b/libexec/tftpd/tftpd.c
@@ -371,7 +371,10 @@ main(int argc, char *argv[])
 		}
 		chdir("/");
 		setgroups(1, &nobody->pw_gid);
-		setuid(nobody->pw_uid);
+		if (setuid(nobody->pw_uid) != 0) {
+			tftp_log(LOG_ERR, "setuid failed");
+			exit(1);
+		}
 	}
 
 	len = sizeof(me_sock);
diff --git a/sbin/ccdconfig/ccdconfig.c b/sbin/ccdconfig/ccdconfig.c
index 6324150..76867ba 100644
--- a/sbin/ccdconfig/ccdconfig.c
+++ b/sbin/ccdconfig/ccdconfig.c
@@ -288,13 +288,16 @@ do_all(int action)
 
 	rval = 0;
 	egid = getegid();
-	setegid(getgid());
+	if (setegid(getgid()) != 0)
+		err(1, "setegid failed");
 	if ((f = fopen(ccdconf, "r")) == NULL) {
-		setegid(egid);
+		if (setegid(egid) != 0)
+			err(1, "setegid failed");
 		warn("fopen: %s", ccdconf);
 		return (1);
 	}
-	setegid(egid);
+	if (setegid(egid) != 0)
+		err(1, "setegid failed");
 
 	while (fgets(line, sizeof(line), f) != NULL) {
 		argc = 0;
diff --git a/sbin/restore/tape.c b/sbin/restore/tape.c
index f63d573..4f34549 100644
--- a/sbin/restore/tape.c
+++ b/sbin/restore/tape.c
@@ -164,7 +164,11 @@ setinput(char *source, int ispipecommand)
 		}
 		pipein++;
 	}
-	setuid(getuid());	/* no longer need or want root privileges */
+	/* no longer need or want root privileges */
+	if (setuid(getuid()) != 0) {
+		fprintf(stderr, "setuid failed\n");
+		done(1);
+	}
 	magtape = strdup(source);
 	if (magtape == NULL) {
 		fprintf(stderr, "Cannot allocate space for magtape buffer\n");
diff --git a/usr.bin/lock/lock.c b/usr.bin/lock/lock.c
index 0382e83..acc0e29 100644
--- a/usr.bin/lock/lock.c
+++ b/usr.bin/lock/lock.c
@@ -129,7 +129,9 @@ main(int argc, char **argv)
 		}
 	timeout.tv_sec = sectimeout * 60;
 
-	setuid(getuid());		/* discard privs */
+	/* discard privs */
+	if (setuid(getuid()) != 0)
+		errx(1, "setuid failed");
 
 	if (tcgetattr(0, &tty))		/* get information for header */
 		exit(1);
diff --git a/usr.bin/msgs/msgs.c b/usr.bin/msgs/msgs.c
index e534fac..c4c589e 100644
--- a/usr.bin/msgs/msgs.c
+++ b/usr.bin/msgs/msgs.c
@@ -175,7 +175,8 @@ main(int argc, char *argv[])
 	setlocale(LC_ALL, "");
 
 	time(&t);
-	setuid(uid = getuid());
+	if (setuid(uid = getuid()) != 0)
+		err(1, "setuid failed");
 	ruptible = (signal(SIGINT, SIG_IGN) == SIG_DFL);
 	if (ruptible)
 		signal(SIGINT, SIG_DFL);
diff --git a/usr.bin/wall/wall.c b/usr.bin/wall/wall.c
index dafd448..b3a63dc 100644
--- a/usr.bin/wall/wall.c
+++ b/usr.bin/wall/wall.c
@@ -240,7 +240,8 @@ makemsg(char *fname)
 		setegid(getgid());
 		if (freopen(fname, "r", stdin) == NULL)
 			err(1, "can't read %s", fname);
-		setegid(egid);
+		if (setegid(egid) != 0)
+			err(1, "setegid failed");
 	}
 	cnt = 0;
 	while (fgetws(lbuf, sizeof(lbuf)/sizeof(wchar_t), stdin)) {
diff --git a/usr.sbin/edquota/edquota.c b/usr.sbin/edquota/edquota.c
index 0957011..930a460 100644
--- a/usr.sbin/edquota/edquota.c
+++ b/usr.sbin/edquota/edquota.c
@@ -453,8 +453,10 @@ editit(char *tmpf)
 		const char *ed;
 
 		sigsetmask(omask);
-		setgid(getgid());
-		setuid(getuid());
+		if (setgid(getgid()) != 0)
+			err(1, "setgid failed");
+		if (setuid(getuid()) != 0)
+			err(1, "setuid failed");
 		if ((ed = getenv("EDITOR")) == (char *)0)
 			ed = _PATH_VI;
 		execlp(ed, ed, tmpf, (char *)0);
diff --git a/usr.sbin/kgmon/kgmon.c b/usr.sbin/kgmon/kgmon.c
index d5cdf96..c691d6e 100644
--- a/usr.sbin/kgmon/kgmon.c
+++ b/usr.sbin/kgmon/kgmon.c
@@ -90,7 +90,9 @@ main(int argc, char **argv)
 	struct kvmvars kvmvars;
 	char *system, *kmemf;
 
-	seteuid(getuid());
+	if (seteuid(getuid()) != 0) {
+		err(1, "seteuid failed\n");
+	}
 	kmemf = NULL;
 	system = NULL;
 	while ((ch = getopt(argc, argv, "M:N:Bbhpr")) != -1) {