[linux-pam] pam_keyinit: Check return value of setregid.
commit 29b63ae08f071aee5b1b901e6fb8f8131b82032d
Author: Robin Hack <rhack(a)redhat.com>
Date: Mon Aug 25 17:33:21 2014 +0200
pam_keyinit: Check return value of setregid.
modules/pam_keyinit/pam_keyinit.c (pam_sm_open_session): Log if setregid() fails.
modules/pam_keyinit/pam_keyinit.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
---
diff --git a/modules/pam_keyinit/pam_keyinit.c b/modules/pam_keyinit/pam_keyinit.c
index 8d0501e..f82eead 100644
--- a/modules/pam_keyinit/pam_keyinit.c
+++ b/modules/pam_keyinit/pam_keyinit.c
@@ -218,7 +218,8 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
if (uid != old_uid && setreuid(uid, -1) < 0) {
error(pamh, "Unable to change UID to %d temporarily\n", uid);
- setregid(old_gid, -1);
+ if (setregid(old_gid, -1) < 0)
+ error(pamh, "Unable to change GID back to %d\n", old_gid);
return PAM_SESSION_ERR;
}