summaryrefslogtreecommitdiffstats
path: root/init
diff options
context:
space:
mode:
authorNick Kralevich <nnk@google.com>2010-11-17 16:55:42 -0800
committerNick Kralevich <nnk@google.com>2010-11-17 16:55:42 -0800
commit2268718ee2b23936f6db88eff7af03762713c169 (patch)
tree645d3a07e8477a11b432a63c0659c4e910ec9268 /init
parent609d8828d3b8266a80606bf902d1294296962cf3 (diff)
downloadsystem_core-2268718ee2b23936f6db88eff7af03762713c169.zip
system_core-2268718ee2b23936f6db88eff7af03762713c169.tar.gz
system_core-2268718ee2b23936f6db88eff7af03762713c169.tar.bz2
check the return value of setuid and friends
Under some circumstances, setuid() and family can fail, returning a non-zero value. (see "man setuid" for details). If this happens, we want to ensure that init doesn't spawn a process which has root privileges when it's not suppose to. Change-Id: Idd03f2c8f82a7eaf6e696b5bcfe308e51ea58b52
Diffstat (limited to 'init')
-rwxr-xr-xinit/init.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/init/init.c b/init/init.c
index cd129c3..7aef387 100755
--- a/init/init.c
+++ b/init/init.c
@@ -243,13 +243,22 @@ void service_start(struct service *svc, const char *dynamic_args)
/* as requested, set our gid, supplemental gids, and uid */
if (svc->gid) {
- setgid(svc->gid);
+ if (setgid(svc->gid) != 0) {
+ ERROR("setgid failed: %s\n", strerror(errno));
+ _exit(127);
+ }
}
if (svc->nr_supp_gids) {
- setgroups(svc->nr_supp_gids, svc->supp_gids);
+ if (setgroups(svc->nr_supp_gids, svc->supp_gids) != 0) {
+ ERROR("setgroups failed: %s\n", strerror(errno));
+ _exit(127);
+ }
}
if (svc->uid) {
- setuid(svc->uid);
+ if (setuid(svc->uid) != 0) {
+ ERROR("setuid failed: %s\n", strerror(errno));
+ _exit(127);
+ }
}
if (!dynamic_args) {