summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThorsten Kukuk <kukuk@thkukuk.de>2013-09-16 11:48:12 +0200
committerThorsten Kukuk <kukuk@thkukuk.de>2013-09-16 11:48:12 +0200
commitba315ae8effdcad591608c99452dad05c4cf20ab (patch)
tree5b7ef082e883af17506cba5d42b58dbeb36f419a
parent45ec020678ffc82f6c2849935907e2d83710a1f2 (diff)
Check return value of setuid to remove glibc warnings.
* modules/pam_unix/pam_unix_acct.c: Check setuid return value. * modules/pam_unix/support.c: Likewise.
-rw-r--r--modules/pam_unix/pam_unix_acct.c7
-rw-r--r--modules/pam_unix/support.c5
2 files changed, 10 insertions, 2 deletions
diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
index 865dc290..8ec44492 100644
--- a/modules/pam_unix/pam_unix_acct.c
+++ b/modules/pam_unix/pam_unix_acct.c
@@ -121,7 +121,12 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl,
if (geteuid() == 0) {
/* must set the real uid to 0 so the helper will not error
out if pam is called from setuid binary (su, sudo...) */
- setuid(0);
+ if (setuid(0) == -1) {
+ pam_syslog(pamh, LOG_ERR, "setuid failed: %m");
+ printf("-1\n");
+ fflush(stdout);
+ _exit(PAM_AUTHINFO_UNAVAIL);
+ }
}
/* exec binary helper */
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index 9284dbaa..19d72e66 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -586,7 +586,10 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd,
if (geteuid() == 0) {
/* must set the real uid to 0 so the helper will not error
out if pam is called from setuid binary (su, sudo...) */
- setuid(0);
+ if (setuid(0) == -1) {
+ D(("setuid failed"));
+ _exit(PAM_AUTHINFO_UNAVAIL);
+ }
}
/* exec binary helper */