From: Paul Mackerras <paulus@samba.org>
Date: Sun, 4 Jun 2006 07:02:37 +0000 (+0000)
Subject: Check the return value of setuid, and make sure that it worked.
X-Git-Tag: ppp-2.4.7~114
X-Git-Url: http://git.ozlabs.org/?p=ppp.git;a=commitdiff_plain;h=c9d584f5fa17f5fc368e81c63b0f5db1f8218cfd

Check the return value of setuid, and make sure that it worked.
Fixes CVE-2006-2194.
---

diff --git a/pppd/plugins/winbind.c b/pppd/plugins/winbind.c
index 8d8e981..bb05acd 100644
--- a/pppd/plugins/winbind.c
+++ b/pppd/plugins/winbind.c
@@ -296,15 +296,18 @@ unsigned int run_ntlm_auth(const char *username,
 
 	if (forkret == 0) {
 		/* child process */
+		uid_t uid;
+
 		close(child_out[0]);
 		close(child_in[1]);
 
 		/* run winbind as the user that invoked pppd */
 		setgid(getgid());
-		setuid(getuid());
+		uid = getuid();
+		if (setuid(uid) == -1 || getuid() != uid)
+			fatal("pppd/winbind: could not setuid to %d: %m", uid);
 		execl("/bin/sh", "sh", "-c", ntlm_auth, NULL);  
-		perror("pppd/winbind: could not exec /bin/sh");
-		exit(1);
+		fatal("pppd/winbind: could not exec /bin/sh: %m");
 	}
 
         /* parent */