From bb7ff3bccdf643bbe4ae01c09db996e79092da80 Mon Sep 17 00:00:00 2001
From: Jim Meyering
Date: Wed, 27 May 2009 22:06:04 +0200
Subject: chroot: set-*-ID failure must provoke nonzero exit before execvp
* src/chroot.c (main): Exit upon set-group-ID or set-user-ID failure.
---
 src/chroot.c | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)
(limited to 'src')
diff --git a/src/chroot.c b/src/chroot.c
index 788a1fc41..dccddd722 100644
--- a/src/chroot.c
+++ b/src/chroot.c
@@ -207,6 +207,7 @@ main (int argc, char **argv)
 char *user;
 char *group;
 char const *err = parse_user_spec (userspec, &uid, &gid, &user, &group);
+ bool fail = false;
 if (err)
 error (EXIT_FAILURE, errno, "%s", err);
@@ -214,14 +215,28 @@ main (int argc, char **argv)
 free (user);
 free (group);
+ /* Attempt to set all three: supplementary groups, group ID, user ID.
+ Diagnose any failures. If any have failed, exit before execvp. */
 if (groups && set_additional_groups (groups))
- error (0, errno, _("failed to set additional groups"));
+ {
+ error (0, errno, _("failed to set additional groups"));
+ fail = true;
+ }
 if (gid && setgid (gid))
- error (0, errno, _("failed to set group-ID"));
+ {
+ error (0, errno, _("failed to set group-ID"));
+ fail = true;
+ }
 if (uid && setuid (uid))
- error (0, errno, _("failed to set user-ID"));
+ {
+ error (0, errno, _("failed to set user-ID"));
+ fail = true;
+ }
+
+ if (fail)
+ exit (EXIT_FAILURE);
 }
 /* Execute the given command. */
-- 
cgit v1.2.3-54-g00ecf
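Review bot: The supplementary-group list is only replaced when `groups` is non-null (`if (groups && set_additional_groups (groups))`), so in the second hunk a run that supplies a user spec but no group list appears to reach `setuid (uid)` with the caller's supplementary groups still attached; `groups` is assigned outside the hunk, so that reading needs confirming. Dropping to an unprivileged user while keeping the invoking process's groups leaves group-based file access intact, so I would reset the list before `setgid`, for example `if (!groups && setgroups (0, NULL)) { error (0, errno, _("failed to clear supplementary groups")); fail = true; }`. Separately, `gid && setgid (gid)` and `uid && setuid (uid)` use zero to mean "not given", so an explicitly requested ID of 0 is never applied and never diagnosed; a flag recording whether the spec supplied each ID would remove that ambiguity. main's body starts and ends outside the hunk.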