@@ -296,8 +296,14 @@ static void allow(char *shell, mode_t mask)
296296 }
297297 exe = strrchr (shell , '/' );
298298 exe = (exe ) ? exe + 1 : shell ;
299- setresgid (to -> uid , to -> uid , to -> uid );
300- setresuid (to -> uid , to -> uid , to -> uid );
299+ if (setresgid (to -> uid , to -> uid , to -> uid )) {
300+ PLOGE ("setresgid (%u)" , to -> uid );
301+ exit (EXIT_FAILURE );
302+ }
303+ if (setresuid (to -> uid , to -> uid , to -> uid )) {
304+ PLOGE ("setresuid (%u)" , to -> uid );
305+ exit (EXIT_FAILURE );
306+ }
301307 LOGD ("%u %s executing %u %s using shell %s : %s" , from -> uid , from -> bin ,
302308 to -> uid , to -> command , shell , exe );
303309 if (strcmp (to -> command , DEFAULT_COMMAND )) {
@@ -406,11 +412,23 @@ int main(int argc, char *argv[])
406412 }
407413
408414 mkdir (REQUESTOR_CACHE_PATH , 0770 );
409- chown (REQUESTOR_CACHE_PATH , st .st_uid , st .st_gid );
415+ if (chown (REQUESTOR_CACHE_PATH , st .st_uid , st .st_gid )) {
416+ PLOGE ("chown (%s, %ld, %ld)" , REQUESTOR_CACHE_PATH , st .st_uid , st .st_gid );
417+ deny ();
418+ }
410419
411- setgroups (0 , NULL );
412- setegid (st .st_gid );
413- seteuid (st .st_uid );
420+ if (setgroups (0 , NULL )) {
421+ PLOGE ("setgroups" );
422+ deny ();
423+ }
424+ if (setegid (st .st_gid )) {
425+ PLOGE ("setegid (%lu)" , st .st_gid );
426+ deny ();
427+ }
428+ if (seteuid (st .st_uid )) {
429+ PLOGE ("seteuid (%lu)" , st .st_uid );
430+ deny ();
431+ }
414432
415433 dballow = database_check (& su_from , & su_to );
416434 switch (dballow ) {
0 commit comments