author | Nick Kralevich <nnk@google.com> | 2010-11-17 16:55:42 -0800 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2010-11-17 16:55:42 -0800 |
commit | 2268718ee2b23936f6db88eff7af03762713c169 (patch) | |
tree | 645d3a07e8477a11b432a63c0659c4e910ec9268 /init | |
parent | 609d8828d3b8266a80606bf902d1294296962cf3 (diff) | |
check the return value of setuid and friends
Under some circumstances, setuid() and family can fail,
returning a non-zero value. (see "man setuid" for details).
If this happens, we want to ensure that init doesn't spawn a
process which has root privileges when it's not supposed to.
Change-Id: Idd03f2c8f82a7eaf6e696b5bcfe308e51ea58b52
Diffstat (limited to 'init')
-rwxr-xr-x | init/init.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/init/init.c b/init/init.c
index cd129c3..7aef387 100755
--- a/init/init.c
+++ b/init/init.c
@@ -243,13 +243,22 @@ void service_start(struct service *svc, const char *dynamic_args)
 /* as requested, set our gid, supplemental gids, and uid */
 if (svc->gid) {
- setgid(svc->gid);
+ if (setgid(svc->gid) != 0) {
+ ERROR("setgid failed: %s\n", strerror(errno));
+ _exit(127);
+ }
 }
 if (svc->nr_supp_gids) {
- setgroups(svc->nr_supp_gids, svc->supp_gids);
+ if (setgroups(svc->nr_supp_gids, svc->supp_gids) != 0) {
+ ERROR("setgroups failed: %s\n", strerror(errno));
+ _exit(127);
+ }
 }
 if (svc->uid) {
- setuid(svc->uid);
+ if (setuid(svc->uid) != 0) {
+ ERROR("setuid failed: %s\n", strerror(errno));
+ _exit(127);
+ }
 }
 if (!dynamic_args) { |
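Review bot: The `setgroups()` call is still skipped entirely when `svc->nr_supp_gids` is zero, so a service that requests only a uid keeps whatever supplementary group list the forked child inherited; the new failure checks never run on that path. Consider widening the guard to `if (svc->nr_supp_gids || svc->uid || svc->gid) {`, so that a zero count explicitly empties the list whenever an identity change is requested. In the same way, a non-zero `svc->uid` with `svc->gid == 0` leaves the primary gid untouched, which deserves a comment stating that this is intended. Whether init holds any supplementary groups at this point is not visible in the hunk, so treat this as hardening rather than a confirmed leak. The body of `service_start` begins and ends outside the hunk.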