Check return value of setuid to remove glibc warnings.

* modules/pam_unix/pam_unix_acct.c: Check setuid return value.
* modules/pam_unix/support.c: Likewise.

diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
index 865dc2903ac09d90269becaa52479439d150b8a9..8ec444926151dbf20b5ac12be648598b7d7a4650 100644 (file)
--- a/modules/pam_unix/pam_unix_acct.c
+++ b/modules/pam_unix/pam_unix_acct.c
@@ -121,7 +121,12 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl,
     if (geteuid() == 0) {
       /* must set the real uid to 0 so the helper will not error
          out if pam is called from setuid binary (su, sudo...) */
-      setuid(0);
+      if (setuid(0) == -1) {
+          pam_syslog(pamh, LOG_ERR, "setuid failed: %m");
+          printf("-1\n");
+          fflush(stdout);
+          _exit(PAM_AUTHINFO_UNAVAIL);
+      }
     }
 
     /* exec binary helper */

diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index 9284dbaa08f4a4422a8f2493b3dd266d930e73b3..19d72e66686ed7bc0c5cafc9e01f4f50f9e95505 100644 (file)
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -586,7 +586,10 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd,
        if (geteuid() == 0) {
           /* must set the real uid to 0 so the helper will not error
             out if pam is called from setuid binary (su, sudo...) */
-         setuid(0);
+         if (setuid(0) == -1) {
+             D(("setuid failed"));
+            _exit(PAM_AUTHINFO_UNAVAIL);
+          }
        }
 
        /* exec binary helper */