From: Christian Kastner <ckk@kvr.at>
Date: Tue, 22 Dec 2015 18:31:13 +0100
Subject: Check privilege drop results (CVE-2006-2607)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Check the results of the privilege-dropping operations, and bail out if any of them fails.
Documented as CVE-2006-2607.
Fixes provided by Steve Greenland <stevegr@debian.org>, and extended by Javier
Fernández-Sanguino Peña <jfs@debian.org>.
Bug-Debian: https://bugs.debian.org/85609
Bug-Debian: https://bugs.debian.org/86775
Bug-Debian: https://bugs.debian.org/528434
Forwarded: no
Last-Update: 2015-20-22
---
do_command.c | 24 +++++++++++++++++++++---
1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/do_command.c b/do_command.c
index d6491c5..294b177 100644
--- a/do_command.c
+++ b/do_command.c
@@ -205,11 +205,29 @@ child_process(e, u)
/* set our directory, uid and gid. Set gid first, since once
* we set uid, we've lost root privledges.
*/
- setgid(e->gid);
+ if (setgid(e->gid) !=0) {
+ char msg[256];
+ snprintf(msg, 256, "do_command:setgid(%lu) failed: %s",
+ (unsigned long) e->gid, strerror(errno));
+ log_it("CRON",getpid(),"error",msg);
+ exit(ERROR_EXIT);
+ }
# if defined(BSD) || defined(POSIX)
- initgroups(env_get("LOGNAME", e->envp), e->gid);
+ if (initgroups(env_get("LOGNAME", e->envp), e->gid) !=0) {
+ char msg[256];
+ snprintf(msg, 256, "do_command:initgroups(%lu) failed: %s",
+ (unsigned long) e->gid, strerror(errno));
+ log_it("CRON",getpid(),"error",msg);
+ exit(ERROR_EXIT);
+ }
# endif
- setuid(e->uid); /* we aren't root after this... */
+ if (setuid(e->uid) !=0) { /* we aren't root after this... */
+ char msg[256];
+ snprintf(msg, 256, "do_command:setuid(%lu) failed: %s",
+ (unsigned long) e->uid, strerror(errno));
+ log_it("CRON",getpid(),"error",msg);
+ exit(ERROR_EXIT);
+ }
chdir(env_get("HOME", e->envp));
/* exec the command.