From d882372200a19fee8503aed5c2d6385509ba72b7 Mon Sep 17 00:00:00 2001 From: Bill Meier Date: Wed, 3 Oct 2012 15:22:31 +0000 Subject: *nix: Test return status of set*uid and related set*gid fcns for failure; This fixes gcc compiler errors [-Werror=unused-result] caused by the recent addition of the "__wur" (warn_unused_result) attribute to the declarations of these functions in unistd.h. svn path=/trunk/; revision=45286 --- wsutil/privileges.c | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) (limited to 'wsutil/privileges.c') diff --git a/wsutil/privileges.c b/wsutil/privileges.c index 4cb3e6b497..039b15a088 100644 --- a/wsutil/privileges.c +++ b/wsutil/privileges.c @@ -251,10 +251,22 @@ running_with_special_privs(void) /* * Permanently relinquish set-UID and set-GID privileges. - * Ignore errors for now - if we have the privileges, we should - * be able to relinquish them. + * If error, abort since we probably shouldn't continue + * with elevated privileges. + * Note that if this error occurs when dumpcap is called from + * wireshark or tshark, the message seen will be + * "Child dumpcap process died:". This is obscure but we'll + * consider it acceptable since it should be highly unlikely + * that this error will occur. */ +static void +setxid_fail(gchar *str) +{ + g_error("Attempt to relinguish privileges failed [%s()] - aborting: %s\n", + str, g_strerror(errno)); +} + void relinquish_special_privs_perm(void) { @@ -270,17 +282,17 @@ relinquish_special_privs_perm(void) */ if (started_with_special_privs()) { #ifdef HAVE_SETRESGID - setresgid(rgid, rgid, rgid); + if (setresgid(rgid, rgid, rgid) == -1) {setxid_fail("setresgid");} #else - setgid(rgid); - setegid(rgid); + if (setgid(rgid) == -1) {setxid_fail("setgid"); } + if (setegid(rgid) == -1) {setxid_fail("setegid");} #endif #ifdef HAVE_SETRESUID - setresuid(ruid, ruid, ruid); + if (setresuid(ruid, ruid, ruid) == -1) {setxid_fail("setresuid");} #else - setuid(ruid); - seteuid(ruid); + if (setuid(ruid) == -1) {setxid_fail("setuid"); } + if (seteuid(ruid) == -1) {setxid_fail("seteuid");} #endif } } -- cgit v1.2.3