Author: simon
Date: Sat Apr 23 14:19:26 2011
New Revision: 220971
URL: http://svn.freebsd.org/changeset/base/220971

Log:
  Check return code of setuid() and setgid() in finger.
  
  While they will not fail in normal circumstances, better safe than
  sorry.
  
  MFC after:    1 week

Modified:
  head/usr.bin/finger/finger.c

Modified: head/usr.bin/finger/finger.c
==============================================================================
--- head/usr.bin/finger/finger.c        Sat Apr 23 13:57:12 2011        
(r220970)
+++ head/usr.bin/finger/finger.c        Sat Apr 23 14:19:26 2011        
(r220971)
@@ -164,11 +164,15 @@ main(int argc, char **argv)
        if (getuid() == 0 || geteuid() == 0) {
                invoker_root = 1;
                if ((pw = getpwnam(UNPRIV_NAME)) && pw->pw_uid > 0) {
-                        setgid(pw->pw_gid);
-                        setuid(pw->pw_uid);
+                       if (setgid(pw->pw_gid) != 0)
+                               err(1, "setgid()");
+                       if (setuid(pw->pw_uid) != 0)
+                               err(1, "setuid()");
                } else {
-                        setgid(UNPRIV_UGID);
-                        setuid(UNPRIV_UGID);
+                       if (setgid(UNPRIV_UGID) != 0)
+                               err(1, "setgid()");
+                       if (setuid(UNPRIV_UGID) != 0)
+                               err(1, "setuid()");
                }
        }
 
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to