From 93131fc82a2d16e68c03d143ff473d73c040bea8 Mon Sep 17 00:00:00 2001
From: Kaz Kylheku <kaz@kylheku.com>
Date: Wed, 22 Feb 2017 21:05:54 -0800
Subject: Check result of seteuid and setegid.

* sysif.c (repress_privilege): Bail if temporarily dropping
user or group privilege (in setuid operation, of course)
doesn't work.
---
 sysif.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/sysif.c b/sysif.c
index fa88128d..67e31ac4 100644
--- a/sysif.c
+++ b/sysif.c
@@ -936,15 +936,19 @@ void repress_privilege(void)
   real_uid = getuid();
   orig_euid = geteuid();
 
-  if (real_gid != orig_egid)
-    setegid(real_gid);
-  else
+  if (real_gid != orig_egid) {
+    if (setegid(real_gid))
+      panic("setegid failed when trying to repress privilege");
+  } else {
     is_setgid = 0;
+  }
 
-  if (real_uid != orig_euid)
-    seteuid(real_uid);
-  else
+  if (real_uid != orig_euid) {
+    if (seteuid(real_uid))
+      panic("setegid failed when trying to repress privilege");
+  } else {
     is_setuid = 0;
+  }
 
   repress_called = RC_MAGIC;
 }
-- 
cgit v1.2.3