Perform error check on setuid() call in shutdown as manual page suggests.

This commit is contained in:
Jesse Smith 2018-02-20 19:37:29 -04:00
parent 6a8a216449
commit d21c8fc44b

View File

@ -498,7 +498,15 @@ int main(int argc, char **argv)
int user_ok = 0; int user_ok = 0;
/* We can be installed setuid root (executable for a special group) */ /* We can be installed setuid root (executable for a special group) */
/*
This way is risky, do error check on setuid call.
setuid(geteuid()); setuid(geteuid());
*/
errno = 0;
if (setuid(geteuid()) == -1) {
fprintf(stderr, "%s (%d): %s\n", __FILE__, __LINE__, strerror(errno));
abort();
}
if (getuid() != 0) { if (getuid() != 0) {
fprintf(stderr, "shutdown: you must be root to do that!\n"); fprintf(stderr, "shutdown: you must be root to do that!\n");