bin/172290: bin/at: Check return value of setuid() and friends

Erik Cederstrand erik at cederstrand.dk
Tue Oct 2 22:30:12 UTC 2012 

>Number:         172290
>Category:       bin
>Synopsis:       bin/at: Check return value of setuid() and friends
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Oct 02 22:30:11 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Erik Cederstrand
>Release:        CURRENT
>Organization:
>Environment:
>Description:
Similar to PR bin/172289, at(1) doesn't check the return value of setuid() and similar functions. If setuid() fails, which it can do for a number of reasons, root privileges are not dropped.
>How-To-Repeat:

>Fix:
Check return value of setuid and related functions and fail if necessary

Patch attached with submission follows:

Index: privs.h
===================================================================
--- privs.h	(revision 240960)
+++ privs.h	(working copy)
@@ -74,8 +74,8 @@
 	effective_uid = geteuid(); \
 	real_gid = getgid(); \
 	effective_gid = getegid(); \
-	seteuid(real_uid); \
-	setegid(real_gid); \
+	if (seteuid(real_uid) != 0) err(1, "seteuid failed"); \
+	if (setegid(real_gid) != 0) err(1, "setegid failed"); \
 }
 
 #define RELINQUISH_PRIVS_ROOT(a, b) { \
@@ -83,26 +83,26 @@
 	effective_uid = geteuid(); \
 	real_gid = (b); \
 	effective_gid = getegid(); \
-	setegid(real_gid); \
-	seteuid(real_uid); \
+	if (setegid(real_gid) != 0) err(1, "setegid failed"); \
+	if (seteuid(real_uid) != 0) err(1, "seteuid failed"); \
 }
 
 #define PRIV_START { \
-	seteuid(effective_uid); \
-	setegid(effective_gid); \
+	if (seteuid(effective_uid) != 0) err(1, "seteuid failed"); \
+	if (setegid(effective_gid) != 0) err(1, "setegid failed"); \
 }
 
 #define PRIV_END { \
-	setegid(real_gid); \
-	seteuid(real_uid); \
+	if (setegid(real_gid) != 0) err(1, "setegid failed"); \
+	if (seteuid(real_uid) != 0) err(1, "seteuid failed"); \
 }
 
 #define REDUCE_PRIV(a, b) { \
 	PRIV_START \
 	effective_uid = (a); \
 	effective_gid = (b); \
-	setreuid((uid_t)-1, effective_uid); \
-	setregid((gid_t)-1, effective_gid); \
+	if (setreuid((uid_t)-1, effective_uid) != 0) err(1, "setreuid failed"); \
+	if (setregid((gid_t)-1, effective_gid) != 0) err(1, "setregid failed"); \
 	PRIV_END \
 }
 #endif


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list