Check the return error of set[ug]id. While this can never fail in the

current version of FreeBSD, this isn't guarenteed by the API.  Custom
security modules, or future implementations of the setuid and setgid
may fail.

PR:		bin/172289
PR:		bin/172290
PR:		bin/172291
Submittud by:	Erik Cederstrand <erik@cederstrand.dk>
Discussed by:	freebsd-security
Approved by:	cperciva
MFC after:	1 week

1 files changed, 10 insertions, 10 deletions

diff --git a/usr.bin/at/privs.h b/usr.bin/at/privs.h
index 3f70ce8..297c252 100644
--- a/usr.bin/at/privs.h
+++ b/usr.bin/at/privs.h
@@ -72,8 +72,8 @@ gid_t real_gid, effective_gid;
 	effective_uid = geteuid(); \
 	real_gid = getgid(); \
 	effective_gid = getegid(); \
-	seteuid(real_uid); \
-	setegid(real_gid); \
+	if (seteuid(real_uid) != 0) err(1, "seteuid failed"); \
+	if (setegid(real_gid) != 0) err(1, "setegid failed"); \
 }
 
 #define RELINQUISH_PRIVS_ROOT(a, b) { \
@@ -81,26 +81,26 @@ gid_t real_gid, effective_gid;
 	effective_uid = geteuid(); \
 	real_gid = (b); \
 	effective_gid = getegid(); \
-	setegid(real_gid); \
-	seteuid(real_uid); \
+	if (setegid(real_gid) != 0) err(1, "setegid failed"); \
+	if (seteuid(real_uid) != 0) err(1, "seteuid failed"); \
 }
 
 #define PRIV_START { \
-	seteuid(effective_uid); \
-	setegid(effective_gid); \
+	if (seteuid(effective_uid) != 0) err(1, "seteuid failed"); \
+	if (setegid(effective_gid) != 0) err(1, "setegid failed"); \
 }
 
 #define PRIV_END { \
-	setegid(real_gid); \
-	seteuid(real_uid); \
+	if (setegid(real_gid) != 0) err(1, "setegid failed"); \
+	if (seteuid(real_uid) != 0) err(1, "seteuid failed"); \
 }
 
 #define REDUCE_PRIV(a, b) { \
 	PRIV_START \
 	effective_uid = (a); \
 	effective_gid = (b); \
-	setreuid((uid_t)-1, effective_uid); \
-	setregid((gid_t)-1, effective_gid); \
+	if (setreuid((uid_t)-1, effective_uid) != 0) err(1, "setreuid failed"); \
+	if (setregid((gid_t)-1, effective_gid) != 0) err(1, "setregid failed"); \
 	PRIV_END \
 }
 #endif