Zsh Mailing List Archive
Messages sorted by:
Reverse Date,
Date,
Thread,
Author
Re: [PATCH] Silence compilation warnings about setuid, setgid
- X-seq: zsh-workers 42994
- From: Peter Stephenson <p.stephenson@xxxxxxxxxxx>
- To: Zsh hackers list <zsh-workers@xxxxxxx>
- Subject: Re: [PATCH] Silence compilation warnings about setuid, setgid
- Date: Wed, 13 Jun 2018 14:10:19 +0100
- Cms-type: 201P
- Dkim-filter: OpenDKIM Filter v2.11.0 mailout2.w1.samsung.com 20180613131023euoutp021455b9f434334226808da3b172f375fd~3uklvffLK2202622026euoutp02Z
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=samsung.com; s=mail20170921; t=1528895423; bh=3XbTBJHvI/ufEEXxCZWX3DyiZ2vK9vJu0VoSg/5i/fk=; h=Date:From:To:Subject:In-Reply-To:References:From; b=c8GFX0HK0MsxfoHRUy5bdZtjTtcQuviF4ShKEPQzBkfdyXu+AwXcfR1RAjisOpLmq 4gxIUsnZp/5Qpiw9x6wbEVlR+1ZUNShjaYg81xR9fpcUYZaTVNmcjjDz7Hk8gLFUpJ 06qTUgQhagDV98lITDLMHN5BzbhcinJ1Kfz/LT6M=
- In-reply-to: <CAF6rxgmVA5KtcRoaVZi5P=6OtQdLPzHJowbBm+eyp0Zjea19Sg@mail.gmail.com>
- List-help: <mailto:zsh-workers-help@zsh.org>
- List-id: Zsh Workers List <zsh-workers.zsh.org>
- List-post: <mailto:zsh-workers@zsh.org>
- List-unsubscribe: <mailto:zsh-workers-unsubscribe@zsh.org>
- Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
- Organization: SCSC
- References: <CAKc7PVBWHsOhpC7mZcL4DA0ih=3yJF-HYe+We=r0q1oXA_s38g@mail.gmail.com> <CGME20180613115039epcas5p3f7e70bdce12919686a5dec9895782138@epcas5p3.samsung.com> <CAF6rxgmVA5KtcRoaVZi5P=6OtQdLPzHJowbBm+eyp0Zjea19Sg@mail.gmail.com>
On Wed, 13 Jun 2018 04:49:39 -0700
Eitan Adler <lists@xxxxxxxxxxxxxx> wrote:
> On 7 May 2018 at 04:18, Sebastian Gniazdowski
> <sgniazdowski@xxxxxxxxx> wrote:
> > Hello,
> > on a Linux box I see:
> > Looking at the source, the reported calls are "extra" ones, they are
> > followed by proper setuid, setgid calls. I've found some way out
> > from this situation, of using the report value and reporting it
> > (gmail paste, proper patch is attached):
> >
>
> > #ifdef HAVE_SETUID
> > - setuid(getuid());
> > - setgid(getgid());
>
> While we're touching this code can we please correct the order of
> setuid and setgid?
>
> setgid must be called before setuid. If setuid is called first, on
> some platforms, it no longer has privs to call setgid aymore.
Presumably that's a trivial swap? I don't know if we need both
setgid()s before both setuid()s, because I don't know why they're
repeated --- but if the second case is simply to test for an error that's
not a big deal since if it worked properly there won't be one.
I didn't look at the original patch before now --- the obvious way to
fix it would simply be a cast to void. There's no comment about why the
code is like that, so perhaps retaining the error number is safer.
However, I think it's just confusing except in the (few?) cases where
the error number is different the first time. I ended up with this...
diff --git a/Src/options.c b/Src/options.c
index 590652e..14d9c3c 100644
--- a/Src/options.c
+++ b/Src/options.c
@@ -769,15 +769,24 @@ dosetopt(int optno, int value, int force, char *new_opts)
} else if(optno == PRIVILEGED && !value) {
/* unsetting PRIVILEGED causes the shell to make itself unprivileged */
#ifdef HAVE_SETUID
- setuid(getuid());
- setgid(getgid());
- if (setuid(getuid())) {
- zwarn("failed to change user ID: %e", errno);
- return -1;
- } else if (setgid(getgid())) {
+ int uerr = 0, gerr = 0;
+
+ errno = 0;
+ if (setgid(getgid()))
+ gerr = errno;
+ if (setuid(getuid()))
+ uerr = errno;
+ if (setgid(getgid())) {
zwarn("failed to change group ID: %e", errno);
+ if (gerr && gerr != errno)
+ zwarn("(error of additional preceding setgid() call: %e)", gerr);
return -1;
- }
+ } else if (setuid(getuid())) {
+ zwarn("failed to change user ID: %e", errno);
+ if (uerr && uerr != errno)
+ zwarn("(error of additional preceding setuid() call: %e)", uerr);
+ return -1;
+ }
#else
zwarn("setuid not available");
return -1;
Messages sorted by:
Reverse Date,
Date,
Thread,
Author