commit ba315ae8effdcad591608c99452dad05c4cf20ab Author: Thorsten Kukuk kukuk@thkukuk.de Date: Mon Sep 16 11:48:12 2013 +0200
Check return value of setuid to remove glibc warnings.
* modules/pam_unix/pam_unix_acct.c: Check setuid return value. * modules/pam_unix/support.c: Likewise.
modules/pam_unix/pam_unix_acct.c | 7 ++++++- modules/pam_unix/support.c | 5 ++++- 2 files changed, 10 insertions(+), 2 deletions(-) --- diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index 865dc29..8ec4449 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -121,7 +121,12 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, if (geteuid() == 0) { /* must set the real uid to 0 so the helper will not error out if pam is called from setuid binary (su, sudo...) */ - setuid(0); + if (setuid(0) == -1) { + pam_syslog(pamh, LOG_ERR, "setuid failed: %m"); + printf("-1\n"); + fflush(stdout); + _exit(PAM_AUTHINFO_UNAVAIL); + } }
/* exec binary helper */ diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 9284dba..19d72e6 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -586,7 +586,10 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, if (geteuid() == 0) { /* must set the real uid to 0 so the helper will not error out if pam is called from setuid binary (su, sudo...) */ - setuid(0); + if (setuid(0) == -1) { + D(("setuid failed")); + _exit(PAM_AUTHINFO_UNAVAIL); + } }
/* exec binary helper */
linux-pam-commits@lists.fedorahosted.org