Check the result of seteuid(), just to be paranoid.

[ppp.git] / pppd / options.c

diff --git a/pppd/options.c b/pppd/options.c
index a270902340af97c0734f41a2411a18e7cea71563..5c9d3a0d9534345460c7dc247521506d59bd630d 100644 (file)
--- a/pppd/options.c
+++ b/pppd/options.c
@@ -40,7 +40,7 @@
  * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-#define RCSID  "$Id: options.c,v 1.98 2005/07/13 12:31:36 paulus Exp $"
+#define RCSID  "$Id: options.c,v 1.99 2006/06/04 07:04:57 paulus Exp $"
 
 #include <ctype.h>
 #include <stdio.h>
@@ -403,12 +403,14 @@ options_from_file(filename, must_exist, check_prot, priv)
     char args[MAXARGS][MAXWORDLEN];
     char cmd[MAXWORDLEN];
 
-    if (check_prot)
-       seteuid(getuid());
+    if (check_prot && seteuid(getuid()) == -1) {
+       option_error("unable to drop privileges to open %s: %m", filename);
+       return 0;
+    }
     f = fopen(filename, "r");
     err = errno;
-    if (check_prot)
-       seteuid(0);
+    if (check_prot && seteuid(0) == -1)
+       fatal("unable to regain privileges");
     if (f == NULL) {
        errno = err;
        if (!must_exist) {
@@ -1511,14 +1513,16 @@ setlogfile(argv)
 {
     int fd, err;
 
-    if (!privileged_option)
-       seteuid(getuid());
+    if (!privileged_option && seteuid(getuid()) == -1) {
+       option_error("unable to drop permissions to open %s: %m", *argv);
+       return 0;
+    }
     fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644);
     if (fd < 0 && errno == EEXIST)
        fd = open(*argv, O_WRONLY | O_APPEND);
     err = errno;
-    if (!privileged_option)
-       seteuid(0);
+    if (!privileged_option && seteuid(0) == -1)
+       fatal("unable to regain privileges: %m");
     if (fd < 0) {
        errno = err;
        option_error("Can't open log file %s: %m", *argv);