From: Paul Mackerras <paulus@samba.org>
Date: Sun, 4 Jun 2006 07:04:57 +0000 (+0000)
Subject: Check the result of seteuid(), just to be paranoid.
X-Git-Tag: ppp-2.4.7~113
X-Git-Url: http://git.ozlabs.org/?p=ppp.git;a=commitdiff_plain;h=bf69479845b0dc57e75423be4dd2491cadda1f89

Check the result of seteuid(), just to be paranoid.
---

diff --git a/pppd/auth.c b/pppd/auth.c
index 8e1180d..e78773e 100644
--- a/pppd/auth.c
+++ b/pppd/auth.c
@@ -68,7 +68,7 @@
  * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-#define RCSID	"$Id: auth.c,v 1.109 2006/05/22 00:04:07 paulus Exp $"
+#define RCSID	"$Id: auth.c,v 1.110 2006/06/04 07:04:57 paulus Exp $"
 
 #include <stdio.h>
 #include <stddef.h>
@@ -418,9 +418,13 @@ setupapfile(argv)
     fname = strdup(*argv);
     if (fname == NULL)
 	novm("+ua file name");
-    seteuid(getuid());
+    if (seteuid(getuid()) == -1) {
+	option_error("unable to reset uid before opening %s: %m", fname);
+	return ;
+    }
     ufile = fopen(fname, "r");
-    seteuid(0);
+    if (seteuid(0) == -1)
+	fatal("unable to regain privileges: %m");
     if (ufile == NULL) {
 	option_error("unable to open user login data file %s", fname);
 	return 0;
diff --git a/pppd/options.c b/pppd/options.c
index a270902..5c9d3a0 100644
--- a/pppd/options.c
+++ b/pppd/options.c
@@ -40,7 +40,7 @@
  * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-#define RCSID	"$Id: options.c,v 1.98 2005/07/13 12:31:36 paulus Exp $"
+#define RCSID	"$Id: options.c,v 1.99 2006/06/04 07:04:57 paulus Exp $"
 
 #include <ctype.h>
 #include <stdio.h>
@@ -403,12 +403,14 @@ options_from_file(filename, must_exist, check_prot, priv)
     char args[MAXARGS][MAXWORDLEN];
     char cmd[MAXWORDLEN];
 
-    if (check_prot)
-	seteuid(getuid());
+    if (check_prot && seteuid(getuid()) == -1) {
+	option_error("unable to drop privileges to open %s: %m", filename);
+	return 0;
+    }
     f = fopen(filename, "r");
     err = errno;
-    if (check_prot)
-	seteuid(0);
+    if (check_prot && seteuid(0) == -1)
+	fatal("unable to regain privileges");
     if (f == NULL) {
 	errno = err;
 	if (!must_exist) {
@@ -1511,14 +1513,16 @@ setlogfile(argv)
 {
     int fd, err;
 
-    if (!privileged_option)
-	seteuid(getuid());
+    if (!privileged_option && seteuid(getuid()) == -1) {
+	option_error("unable to drop permissions to open %s: %m", *argv);
+	return 0;
+    }
     fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644);
     if (fd < 0 && errno == EEXIST)
 	fd = open(*argv, O_WRONLY | O_APPEND);
     err = errno;
-    if (!privileged_option)
-	seteuid(0);
+    if (!privileged_option && seteuid(0) == -1)
+	fatal("unable to regain privileges: %m");
     if (fd < 0) {
 	errno = err;
 	option_error("Can't open log file %s: %m", *argv);
diff --git a/pppd/tty.c b/pppd/tty.c
index 1ef8a52..c356483 100644
--- a/pppd/tty.c
+++ b/pppd/tty.c
@@ -68,7 +68,7 @@
  * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-#define RCSID	"$Id: tty.c,v 1.24 2005/07/12 01:09:05 paulus Exp $"
+#define RCSID	"$Id: tty.c,v 1.25 2006/06/04 07:04:57 paulus Exp $"
 
 #include <stdio.h>
 #include <ctype.h>
@@ -563,12 +563,16 @@ int connect_tty()
 			int err, prio;
 
 			prio = privopen? OPRIO_ROOT: tty_options[0].priority;
-			if (prio < OPRIO_ROOT)
-				seteuid(uid);
+			if (prio < OPRIO_ROOT && seteuid(uid) == -1) {
+				error("Unable to drop privileges before opening %s: %m\n",
+				      devnam);
+				status = EXIT_OPEN_FAILED;
+				goto errret;
+			}
 			real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0);
 			err = errno;
-			if (prio < OPRIO_ROOT)
-				seteuid(0);
+			if (prio < OPRIO_ROOT && seteuid(0) == -1)
+				fatal("Unable to regain privileges");
 			if (real_ttyfd >= 0)
 				break;
 			errno = err;