Failure of dropping privilege should be fatal, so test and bail out

when setgid() fails. Reported by: clang static analyzer MFC after: 2 weeks
author: delphij <delphij@FreeBSD.org> 2015-09-01 06:05:43 +0000
committer: delphij <delphij@FreeBSD.org> 2015-09-01 06:05:43 +0000
commit: bfe32e53e7eae62481d54b35837894c6a82c2f98 (patch)
tree: 8b00914538d4a0ac0d6582f51b0bf6cd1a5d5083 /usr.bin/netstat
parent: 5acb571ae5202945a6a4a1283411ec6e0919a9ea (diff)
download: FreeBSD-src-bfe32e53e7eae62481d54b35837894c6a82c2f98.zip
FreeBSD-src-bfe32e53e7eae62481d54b35837894c6a82c2f98.tar.gz
1 files changed, 6 insertions, 3 deletions
diff --git a/usr.bin/netstat/main.c b/usr.bin/netstat/main.c
index 477add6..65bcbf6 100644
--- a/usr.bin/netstat/main.c
+++ b/usr.bin/netstat/main.c
@@ -498,8 +498,10 @@ main(int argc, char *argv[])
 	 * guys can't print interesting stuff from kernel memory.
 	 */
 	live = (nlistf == NULL && memf == NULL);
-	if (!live)
-		setgid(getgid());
+	if (!live) {
+		if (setgid(getgid()) != 0)
+			xo_err(-1, "setgid");
+	}
 
 	if (xflag && Tflag)
 		xo_errx(1, "-x and -T are incompatible, pick one.");
@@ -704,7 +706,8 @@ kvmd_init(void)
 		return (0);
 
 	kvmd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, errbuf);
-	setgid(getgid());
+	if (setgid(getgid()) != 0)
+		xo_err(-1, "setgid");
 
 	if (kvmd == NULL) {
 		xo_warnx("kvm not available: %s", errbuf);
author	delphij <delphij@FreeBSD.org>	2015-09-01 06:05:43 +0000
committer	delphij <delphij@FreeBSD.org>	2015-09-01 06:05:43 +0000
commit	bfe32e53e7eae62481d54b35837894c6a82c2f98 (patch)
tree	8b00914538d4a0ac0d6582f51b0bf6cd1a5d5083 /usr.bin/netstat
parent	5acb571ae5202945a6a4a1283411ec6e0919a9ea (diff)
download	FreeBSD-src-bfe32e53e7eae62481d54b35837894c6a82c2f98.zip FreeBSD-src-bfe32e53e7eae62481d54b35837894c6a82c2f98.tar.gz