From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <zsh-workers-return-42994-mason-zsh=primenet.com.au@zsh.org>
Received: (qmail 19146 invoked by alias); 13 Jun 2018 13:10:32 -0000
Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm
Precedence: bulk
X-No-Archive: yes
List-Id: Zsh Workers List <zsh-workers.zsh.org>
List-Post: <mailto:zsh-workers@zsh.org>
List-Help: <mailto:zsh-workers-help@zsh.org>
List-Unsubscribe: <mailto:zsh-workers-unsubscribe@zsh.org>
X-Seq: 42994
Received: (qmail 26417 invoked by uid 1010); 13 Jun 2018 13:10:32 -0000
X-Qmail-Scanner-Diagnostics: from mailout2.w1.samsung.com by f.primenet.com.au (envelope-from <p.stephenson@samsung.com>, uid 7791) with qmail-scanner-2.11 
 (clamdscan: 0.99.2/21882. spamassassin: 3.4.1.  
 Clear:RC:0(210.118.77.12):SA:0(-6.9/5.0):. 
 Processed in 3.406867 secs); 13 Jun 2018 13:10:32 -0000
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on f.primenet.com.au
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI,
	SPF_HELO_PASS,SPF_PASS,T_DKIMWL_WL_HIGH,T_DKIM_INVALID autolearn=ham
	autolearn_force=no version=3.4.1
X-Envelope-From: p.stephenson@samsung.com
X-Qmail-Scanner-Mime-Attachments: |
X-Qmail-Scanner-Zip-Files: |
DKIM-Filter: OpenDKIM Filter v2.11.0 mailout2.w1.samsung.com 20180613131023euoutp021455b9f434334226808da3b172f375fd~3uklvffLK2202622026euoutp02Z
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=samsung.com;
	s=mail20170921; t=1528895423;
	bh=3XbTBJHvI/ufEEXxCZWX3DyiZ2vK9vJu0VoSg/5i/fk=;
	h=Date:From:To:Subject:In-Reply-To:References:From;
	b=c8GFX0HK0MsxfoHRUy5bdZtjTtcQuviF4ShKEPQzBkfdyXu+AwXcfR1RAjisOpLmq
	 4gxIUsnZp/5Qpiw9x6wbEVlR+1ZUNShjaYg81xR9fpcUYZaTVNmcjjDz7Hk8gLFUpJ
	 06qTUgQhagDV98lITDLMHN5BzbhcinJ1Kfz/LT6M=
X-AuditID: cbfec7f2-1dbff70000011644-ee-5b2117bd2036
Date: Wed, 13 Jun 2018 14:10:19 +0100
From: Peter Stephenson <p.stephenson@samsung.com>
To: Zsh hackers list <zsh-workers@zsh.org>
Subject: Re: [PATCH] Silence compilation warnings about setuid, setgid
In-Reply-To: <CAF6rxgmVA5KtcRoaVZi5P=6OtQdLPzHJowbBm+eyp0Zjea19Sg@mail.gmail.com>
Organization: SCSC
X-Mailer: Claws Mail 3.13.2 (GTK+ 2.24.30; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrNIsWRmVeSWpSXmKPExsWy7djPc7p7xRWjDX6v17A42PyQyYHRY9XB
	D0wBjFFcNimpOZllqUX6dglcGbtWbWQq+C5S8fbOafYGxj38XYycHBICJhLPft5g6WLk4hAS
	WMEosWTGHXaQhJBAH5PEj9XiEIleJomH03+xwnTsXXSJGSKxnFGi/dxzRriqX9P/s0C0n2GU
	uL4mAsK+wCix+Y0YiM0ioCqx9U4rM4jNJmAoMXXTbEYQW0RAS2LHyZNMILawgJvE5nmbwWo4
	BQIldr74CmRzcPALCElcaLaFOMJe4ugeiHJeAUGJkzOfgK1lFpCX2P52DjNEzWc2iZ6bYSCt
	vAJlEmt2WkKEXSQePFnPBmELS7w6voUdwpaR+L9zPhPIKxIC7YwSaya9ZodwehglNh29wwhR
	ZS3Rd/siI8hQZgFNifW79CHCjhL/Dm1jBwlLCPBJ3HgrCHEOn8SkbdOZIcK8Eh1tQhDVahI7
	mrYyTmBUnoXkgVlIHpiFMH8BI/MqRvHU0uLc9NRiw7zUcr3ixNzi0rx0veT83E2MwCRw+t/x
	TzsYv15KOsQowMGoxMP74KJ8tBBrYllxZe4hRgkOZiURXr8XCtFCvCmJlVWpRfnxRaU5qcWH
	GKU5WJTEeeM06qKEBNITS1KzU1MLUotgskwcnFINjAx67v1tF+583+pUx/4z3Uzns0FyvXcj
	e+O88x8UlA/3ygnLfp/PckwzIMy3WNi2uojHXtBFTPHRNbmCI/oxdX09BaGH1z69/nlRj9/s
	r7KlNiZiXZYM+356iyy+Md+H9Wneyne283e8/sDo+J1fpETAXKzpKO8XL7YbbLrTVlz/06Wf
	0RymxFKckWioxVxUnAgAk//vhf4CAAA=
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFupjkeLIzCtJLcpLzFFi42I5/e/4Pd094orRBr/vGVocbH7I5MDoserg
	B6YAxig9m6L80pJUhYz84hJbpWhDCyM9Q0sLPSMTSz1DY/NYKyNTJX07m5TUnMyy1CJ9uwS9
	jF2rNjIVfBepeHvnNHsD4x7+LkZODgkBE4m9iy4xdzFycQgJLGWUWHq0lw0iISPx6cpHdghb
	WOLPtS42iKJuJomnK/YxQThnGCW2LeiFylxglNi78QJYO4uAqsTWO63MIDabgKHE1E2zGUFs
	EQEtiR0nTzKB2MICbhKb520Gq+EVcJboOjEfzOYUCJTY+eIr1E2vGSWOLVvD2sXIwcEvICRx
	odkW4iR7iaN7IObwCghKnJz5hAXEZhbQkTix6hgzhC0vsf3tHOYJjMKzkJTNQlI2C0nZAkbm
	VYwiqaXFuem5xYZ6xYm5xaV56XrJ+bmbGIFxse3Yz807GC9tDD7EKMDBqMTD++CifLQQa2JZ
	cWXuIUYJDmYlEV6/FwrRQrwpiZVVqUX58UWlOanFhxhNgYExkVlKNDkfGLN5JfGGpobmFpaG
	5sbmxmYWSuK85w0qo4QE0hNLUrNTUwtSi2D6mDg4pRoY674l3jDLs0vlvDV/netVh6uXLn87
	0O2mfG9D2dr3fPKMM1TdAy8/cflo58XPXHbtxjaVSf/Z8/LEU37qqZSmh/3qWiC3f3522nHu
	jjTj+v1nK0u2rUqW82FOfbPllpiCeFI1Z8uXyJ9MObzKaxbacASy+LtI3a2Kvnp3mUXFZqbD
	5pPWC7UosRRnJBpqMRcVJwIAGgDA3aECAAA=
Message-Id: <20180613131021eucas1p263704fa9832375e6a49cf7f2077606dc~3ukj6hhqT1702017020eucas1p2W@eucas1p2.samsung.com>
X-CMS-MailID: 20180613131021eucas1p263704fa9832375e6a49cf7f2077606dc
X-Msg-Generator: CA
Content-Type: text/plain; charset="utf-8"
X-RootMTR: 20180613115039epcas5p3f7e70bdce12919686a5dec9895782138
X-EPHeader: CA
CMS-TYPE: 201P
X-CMS-RootMailID: 20180613115039epcas5p3f7e70bdce12919686a5dec9895782138
References: <CAKc7PVBWHsOhpC7mZcL4DA0ih=3yJF-HYe+We=r0q1oXA_s38g@mail.gmail.com>
	<CGME20180613115039epcas5p3f7e70bdce12919686a5dec9895782138@epcas5p3.samsung.com>
	<CAF6rxgmVA5KtcRoaVZi5P=6OtQdLPzHJowbBm+eyp0Zjea19Sg@mail.gmail.com>

On Wed, 13 Jun 2018 04:49:39 -0700
Eitan Adler <lists@eitanadler.com> wrote:
> On 7 May 2018 at 04:18, Sebastian Gniazdowski
> <sgniazdowski@gmail.com> wrote:
> > Hello,
> > on a Linux box I see:
> > Looking at the source, the reported calls are "extra" ones, they are
> > followed by proper setuid, setgid calls. I've found some way out
> > from this situation, of using the report value and reporting it
> > (gmail paste, proper patch is attached):
> >  
> 
> >  #ifdef HAVE_SETUID
> > -       setuid(getuid());
> > -       setgid(getgid());  
> 
> While we're touching this code can we please correct the order of
> setuid and setgid?
> 
> setgid must be called before setuid. If setuid is called first, on
> some platforms, it no longer has privs to call setgid aymore.

Presumably that's a trivial swap?  I don't know if we need both
setgid()s before both setuid()s, because I don't know why they're
repeated --- but if the second case is simply to test for an error that's
not a big deal since if it worked properly there won't be one.

I didn't look at the original patch before now --- the obvious way to
fix it would simply be a cast to void.  There's no comment about why the
code is like that, so perhaps retaining the error number is safer.
However, I think it's just confusing except in the (few?)  cases where
the error number is different the first time.  I ended up with this...

diff --git a/Src/options.c b/Src/options.c
index 590652e..14d9c3c 100644
--- a/Src/options.c
+++ b/Src/options.c
@@ -769,15 +769,24 @@ dosetopt(int optno, int value, int force, char *new_opts)
     } else if(optno == PRIVILEGED && !value) {
 	/* unsetting PRIVILEGED causes the shell to make itself unprivileged */
 #ifdef HAVE_SETUID
-	setuid(getuid());
-	setgid(getgid());
-        if (setuid(getuid())) {
-            zwarn("failed to change user ID: %e", errno);
-            return -1;
-	} else if (setgid(getgid())) {
+	int uerr = 0, gerr = 0;
+
+	errno = 0;
+	if (setgid(getgid()))
+	    gerr = errno;
+	if (setuid(getuid()))
+	    uerr = errno;
+	if (setgid(getgid())) {
             zwarn("failed to change group ID: %e", errno);
+            if (gerr && gerr != errno)
+                zwarn("(error of additional preceding setgid() call: %e)", gerr);
             return -1;
-        }
+        } else if (setuid(getuid())) {
+            zwarn("failed to change user ID: %e", errno);
+            if (uerr && uerr != errno)
+                zwarn("(error of additional preceding setuid() call: %e)", uerr);
+            return -1;
+	}
 #else
         zwarn("setuid not available");
         return -1;