On 20/11/10 00:31, Nigel Metheringham wrote:
> The last 2 (setuid/setgid return checking) should be dealt with,
> as long as there aren't ancient Unix variants which return void.
That was the case of impossible failure. They're contained in an if
statement that checks to see if it's running as root before being
called. Both values used are returned from functions that don't fail
either.
####
real_uid = getuid();
real_gid = getgid();
if (real_uid == root_uid)
{
setgid(real_gid); /* root cannot fail at this */
setuid(real_uid); /* or this */
}
####
setuid ERRORS
EAGAIN The uid does not match the current uid and uid brings
process over its RLIMIT_NPROC resource limit.
EPERM The user is not privileged (Linux: does not have the
CAP_SETUID capability) and uid does not match the real UID or saved set-
user-ID of the calling process.
Or can it fail? If root ran the program when it was setuid to some other
user with too many processes already?