pam_ssh_agent_auth / Bugs / #23 Ignores return value of seteuid() in two cases

#23 Ignores return value of seteuid() in two cases

Status: open

Owner: nobody

Labels: security (3)

Priority: 5

Updated: 2017-01-08

Created: 2016-04-13

Creator: Balint Reczey

Private: No

From https://buildd.debian.org/status/fetch.php?pkg=pam-ssh-agent-auth&arch=i386&ver=0.10.2-1&stamp=1454675300 :
...
authfd.c: In function 'ssh_get_authentication_socket':
authfd.c:147:5: warning: ignoring return value of 'seteuid', declared with attribute warn_unused_result [-Wunused-result]
seteuid(uid); / To ensure a race condition is not used to circumvent the stat
^
authfd.c:156:5: warning: ignoring return value of 'seteuid', declared with attribute warn_unused_result [-Wunused-result]
seteuid(0); / we now continue the regularly scheduled programming */
^
...

From man seteuid:
...
RETURN VALUE
On success, zero is returned. On error, -1 is returned, and errno is set appropriately.

   Note: there are cases where seteuid() can fail even when the caller is UID 0; it is a grave security error to omit checking for a failure return from seteuid().

...

Discussion

Balint Reczey - 2017-01-08

Patch used in Debian.

01_check_seteuid_ret_val.patch

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Ignores return value of seteuid() in two cases

Group

Searches

Help

#23 Ignores return value of seteuid() in two cases

Discussion