From 675435f5786538db99de4facca3987a2e60ae7b7 Mon Sep 17 00:00:00 2001
From: Robin Hack <rhack(a)redhat.com>
Date: Fri, 15 Aug 2014 17:47:37 +0200
Subject: [PATCH 2/3] pam_keyinit: Check return value of setregid.
Add check for return value in error branch. Just log if setregid fails.
---
modules/pam_keyinit/pam_keyinit.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/modules/pam_keyinit/pam_keyinit.c b/modules/pam_keyinit/pam_keyinit.c
index 8d0501e..f82eead 100644
--- a/modules/pam_keyinit/pam_keyinit.c
+++ b/modules/pam_keyinit/pam_keyinit.c
@@ -218,7 +218,8 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
if (uid != old_uid && setreuid(uid, -1) < 0) {
error(pamh, "Unable to change UID to %d temporarily\n", uid);
- setregid(old_gid, -1);
+ if (setregid(old_gid, -1) < 0)
+ error(pamh, "Unable to change GID back to %d\n", old_gid);
return PAM_SESSION_ERR;
}
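Review bot: In the setreuid() failure branch, a failed `setregid(old_gid, -1)` is now logged, but the function returns the same PAM_SESSION_ERR as when the GID was restored. The calling application therefore cannot tell that it is still running with a real GID it did not have on entry. Since the commit chooses to log only, the message should record why the restore failed, for example `error(pamh, "Unable to change GID back to %d: %s\n", old_gid, strerror(errno));`, assuming error() takes printf-style arguments as the existing call suggests and that `<errno.h>` and `<string.h>` are included. A comment above the check, such as `/* best effort: on failure the process keeps the temporary real GID */`, would make the remaining risk visible to maintainers. The declaration of `old_gid` is outside the hunk; if it is a `gid_t`, `%d` does not match an unsigned type and a cast would be needed.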
--
1.9.3