aboutsummaryrefslogtreecommitdiffstats
path: root/util/secmem.c
diff options
context:
space:
mode:
Diffstat (limited to 'util/secmem.c')
-rw-r--r--util/secmem.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/util/secmem.c b/util/secmem.c
index 54836cbcf..8b80370c1 100644
--- a/util/secmem.c
+++ b/util/secmem.c
@@ -128,7 +128,9 @@ lock_pool( void *p, size_t n )
#endif
if( uid && !geteuid() ) {
- if( setuid( uid ) || getuid() != geteuid() )
+ /* check that we really dropped the privs.
+ * Note: setuid(0) should always fail */
+ if( setuid( uid ) || getuid() != geteuid() || !setuid(0) )
log_fatal("failed to reset uid: %s\n", strerror(errno));
}
@@ -260,7 +262,7 @@ secmem_init( size_t n )
disable_secmem=1;
uid = getuid();
if( uid != geteuid() ) {
- if( setuid( uid ) || getuid() != geteuid() )
+ if( setuid( uid ) || getuid() != geteuid() || !setuid(0) )
log_fatal("failed to drop setuid\n" );
}
#endif
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-18 09:19:40 +0000