diff options
| author |   millert <millert@openbsd.org> | 2002-07-20 12:32:11 +0000 |
|---|---|---|
| committer | millert <millert@openbsd.org> | 2002-07-20 12:32:11 +0000 |
| commit | dd90a479f8b3e5f69eda9f84503a072a5cf30fa2 (patch) | |
| tree | 7f0ba05fc5d8b26fbedf1564e2b8f00c2a7bf486 | |
| parent | try to make pingsock and rpcsock resv too (diff) | |
| download | wireguard-openbsd-dd90a479f8b3e5f69eda9f84503a072a5cf30fa2.tar.xz wireguard-openbsd-dd90a479f8b3e5f69eda9f84503a072a5cf30fa2.zip | |
Error out if setusercontext() fails and the runas user is not root.
Pointed out by deraadt@
| -rw-r--r-- | usr.bin/sudo/set_perms.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/usr.bin/sudo/set_perms.c b/usr.bin/sudo/set_perms.c index 300f5b3f388..cd750699266 100644 --- a/usr.bin/sudo/set_perms.c +++ b/usr.bin/sudo/set_perms.c @@ -313,8 +313,12 @@ runas_setup() } else #endif /* HAVE_LOGIN_CAP_H */ { - if (setgid(runas_pw->pw_gid)) - perror("cannot set gid to runas gid"); + if (setgid(runas_pw->pw_gid)) { + if (runas_pw->pw_gid != 0) + fatal("unable to set user context", 1); + else + perror("cannot set gid to runas gid"); + } #ifdef HAVE_INITGROUPS /* * Initialize group vector unless asked not to. |