commit 2268718ee2b23936f6db88eff7af03762713c169
author Nick Kralevich <nnk@google.com> Wed Nov 17 16:55:42 2010 -0800
committer Nick Kralevich <nnk@google.com> Wed Nov 17 16:55:42 2010 -0800
tree 645d3a07e8477a11b432a63c0659c4e910ec9268
parent 609d8828d3b8266a80606bf902d1294296962cf3

check the return value of setuid and friends

Under some circumstances, setuid() and family can fail,
returning a non-zero value.  (see "man setuid" for details).
If this happens, we want to ensure that init doesn't spawn a
process which has root privileges when it's not suppose to.

Change-Id: Idd03f2c8f82a7eaf6e696b5bcfe308e51ea58b52

init/init.c

diff --git a/init/init.c b/init/init.c
index cd129c3..7aef387 100755
--- a/init/init.c
+++ b/init/init.c
@@ -243,13 +243,22 @@
 
     /* as requested, set our gid, supplemental gids, and uid */
         if (svc->gid) {
-            setgid(svc->gid);
+            if (setgid(svc->gid) != 0) {
+                ERROR("setgid failed: %s\n", strerror(errno));
+                _exit(127);
+            }
         }
         if (svc->nr_supp_gids) {
-            setgroups(svc->nr_supp_gids, svc->supp_gids);
+            if (setgroups(svc->nr_supp_gids, svc->supp_gids) != 0) {
+                ERROR("setgroups failed: %s\n", strerror(errno));
+                _exit(127);
+            }
         }
         if (svc->uid) {
-            setuid(svc->uid);
+            if (setuid(svc->uid) != 0) {
+                ERROR("setuid failed: %s\n", strerror(errno));
+                _exit(127);
+            }
         }
 
         if (!dynamic_args) {