Check result of seteuid and setegid.

* sysif.c (repress_privilege): Bail if temporarily dropping user or group privilege (in setuid operation, of course) doesn't work.
author: Kaz Kylheku <kaz@kylheku.com> 2017-02-22 21:05:54 -0800
committer: Kaz Kylheku <kaz@kylheku.com> 2017-02-22 21:05:54 -0800
commit: 873a5ca33102376391ae7c4af3f3f72461b7b643 (patch)
tree: 5aad50d92d059640e88e4e1d7c7f9aec420e1b10
parent: b7fcf426f458ae1ac951a16cc50a035961259381 (diff)
download: txr-873a5ca33102376391ae7c4af3f3f72461b7b643.tar.gz
txr-873a5ca33102376391ae7c4af3f3f72461b7b643.tar.bz2
txr-873a5ca33102376391ae7c4af3f3f72461b7b643.zip
1 files changed, 10 insertions, 6 deletions
diff --git a/sysif.c b/sysif.c
index fa88128d..67e31ac4 100644
--- a/sysif.c
+++ b/sysif.c
@@ -936,15 +936,19 @@ void repress_privilege(void)
   real_uid = getuid();
   orig_euid = geteuid();
 
-  if (real_gid != orig_egid)
-    setegid(real_gid);
-  else
+  if (real_gid != orig_egid) {
+    if (setegid(real_gid))
+      panic("setegid failed when trying to repress privilege");
+  } else {
     is_setgid = 0;
+  }
 
-  if (real_uid != orig_euid)
-    seteuid(real_uid);
-  else
+  if (real_uid != orig_euid) {
+    if (seteuid(real_uid))
+      panic("setegid failed when trying to repress privilege");
+  } else {
     is_setuid = 0;
+  }
 
   repress_called = RC_MAGIC;
 }
author	Kaz Kylheku <kaz@kylheku.com>	2017-02-22 21:05:54 -0800
committer	Kaz Kylheku <kaz@kylheku.com>	2017-02-22 21:05:54 -0800
commit	873a5ca33102376391ae7c4af3f3f72461b7b643 (patch)
tree	5aad50d92d059640e88e4e1d7c7f9aec420e1b10
parent	b7fcf426f458ae1ac951a16cc50a035961259381 (diff)
download	txr-873a5ca33102376391ae7c4af3f3f72461b7b643.tar.gz txr-873a5ca33102376391ae7c4af3f3f72461b7b643.tar.bz2 txr-873a5ca33102376391ae7c4af3f3f72461b7b643.zip