* modules/pam_unix/pam_unix_acct.c: Check setuid return value.
* modules/pam_unix/support.c: Likewise.
if (geteuid() == 0) {
/* must set the real uid to 0 so the helper will not error
out if pam is called from setuid binary (su, sudo...) */
- setuid(0);
+ if (setuid(0) == -1) {
+ pam_syslog(pamh, LOG_ERR, "setuid failed: %m");
+ printf("-1\n");
+ fflush(stdout);
+ _exit(PAM_AUTHINFO_UNAVAIL);
+ }
}
/* exec binary helper */
if (geteuid() == 0) {
/* must set the real uid to 0 so the helper will not error
out if pam is called from setuid binary (su, sudo...) */
- setuid(0);
+ if (setuid(0) == -1) {
+ D(("setuid failed"));
+ _exit(PAM_AUTHINFO_UNAVAIL);
+ }
}
/* exec binary helper */