[packages/X11.git] / x11r6.9.0-setuid.diff

Index: xc/config/util/chownxterm.c
===================================================================
RCS file: /cvs/xorg/xc/config/util/chownxterm.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 chownxterm.c
--- xc/config/util/chownxterm.c	14 Nov 2003 16:48:20 -0000	1.1.1.1
+++ xc/config/util/chownxterm.c	5 Jun 2006 10:35:10 -0000
@@ -41,8 +41,10 @@
 
 void help()
 {
-    setgid(getgid());
-    setuid(getuid());
+    if (setgid(getgid()) == -1) 
+	exit(1);
+    if (setuid(getuid()) == -1)
+	exit(1);
     printf("chown-xterm makes %s suid root\n", XTERM_PATH);
     printf("This is necessary on Ultrix for /dev/tty operation.\n");
     exit(0);
@@ -51,8 +53,10 @@
 void print_error(err_string)
     char *err_string;
 {
-    setgid(getgid());
-    setuid(getuid());
+    if (setgid(getgid()) == -1)
+	exit(1);
+    if (setuid(getuid()) == -1)
+	exit(1);
     fprintf(stderr, "%s: \"%s\"", prog_name, err_string);
     perror(" failed");
     exit(1);
Index: xc/lib/X11/lcFile.c
===================================================================
RCS file: /cvs/xorg/xc/lib/X11/lcFile.c,v
retrieving revision 1.6
diff -u -r1.6 lcFile.c
--- xc/lib/X11/lcFile.c	13 May 2005 22:53:44 -0000	1.6
+++ xc/lib/X11/lcFile.c	5 Jun 2006 10:35:14 -0000
@@ -269,7 +269,11 @@
 	    if (seteuid(0) != 0) {
 		priv = 0;
 	    } else {
-		seteuid(oldeuid);
+		if (seteuid(oldeuid) == -1) {
+		    /* XXX ouch, coudn't get back to original uid 
+		     what can we do ??? */
+		    _exit(127);
+		}
 		priv = 1;
 	    }
 #endif
Index: xc/lib/xtrans/Xtranslcl.c
===================================================================
RCS file: /cvs/xorg/xc/lib/xtrans/Xtranslcl.c,v
retrieving revision 1.4
diff -u -r1.4 Xtranslcl.c
--- xc/lib/xtrans/Xtranslcl.c	8 Nov 2005 06:33:26 -0000	1.4
+++ xc/lib/xtrans/Xtranslcl.c	5 Jun 2006 10:35:15 -0000
@@ -360,7 +360,10 @@
 	uid_t       saved_euid;
 
 	saved_euid = geteuid();
-	setuid( getuid() ); /** sets the euid to the actual/real uid **/
+	/** sets the euid to the actual/real uid **/
+	if (setuid( getuid() ) == -1) {
+		exit(1);
+	}
 	if( chown( slave, saved_euid, -1 ) < 0 ) {
 		exit( 1 );
 		}
@@ -369,7 +372,13 @@
     }
 
     waitpid(saved_pid, &exitval, 0);
-
+    if (WIFEXITED(exitval) && WEXITSTATUS(exitval) != 0) {
+	close(fd);
+	close(server);
+	PRMSG(1, "PTSOpenClient: cannot set the owner of %s\n",
+	      slave, 0, 0);
+	return(-1);
+    }
     if (chmod(slave, 0666) < 0) {
 	close(fd);
 	close(server);
Index: xc/programs/Xserver/hw/xfree86/common/xf86Init.c
===================================================================
RCS file: /cvs/xorg/xc/programs/Xserver/hw/xfree86/common/xf86Init.c,v
retrieving revision 1.29
diff -u -r1.29 xf86Init.c
--- xc/programs/Xserver/hw/xfree86/common/xf86Init.c	14 Dec 2005 20:12:00 -0000	1.29
+++ xc/programs/Xserver/hw/xfree86/common/xf86Init.c	5 Jun 2006 10:35:19 -0000
@@ -1,5 +1,5 @@
 /* $XFree86: xc/programs/Xserver/hw/xfree86/common/xf86Init.c,v 3.212 2004/01/27 01:31:45 dawes Exp $ */
-/* $XdotOrg: xc/programs/Xserver/hw/xfree86/common/xf86Init.c,v 1.29 2005-12-14 20:12:00 ajax Exp $ */
+/* $XdotOrg: xc/programs/Xserver/hw/xfree86/common/xf86Init.c,v 1.29 2005/12/14 20:12:00 ajax Exp $ */
 
 /*
  * Loosely based on code bearing the following copyright:
@@ -1905,7 +1905,11 @@
           FatalError("xf86RunVtInit: fork failed (%s)\n", strerror(errno));
           break;
       case 0:  /* child */
-          setuid(getuid());
+	  if (setuid(getuid()) == -1) {
+	      xf86Msg(X_ERROR, "xf86RunVtInit: setuid failed (%s)\n",
+			 strerror(errno));
+	      exit(255);
+	  }
           /* set stdin, stdout to the consoleFd */
           for (i = 0; i < 2; i++) {
             if (xf86Info.consoleFd != i) {
Index: xc/programs/Xserver/hw/xfree86/os-support/shared/libc_wrapper.c
===================================================================
RCS file: /cvs/xorg/xc/programs/Xserver/hw/xfree86/os-support/shared/libc_wrapper.c,v
retrieving revision 1.9
diff -u -r1.9 libc_wrapper.c
--- xc/programs/Xserver/hw/xfree86/os-support/shared/libc_wrapper.c	3 Jul 2005 08:53:48 -0000	1.9
+++ xc/programs/Xserver/hw/xfree86/os-support/shared/libc_wrapper.c	5 Jun 2006 10:35:19 -0000
@@ -1270,7 +1270,10 @@
 #ifndef SELF_CONTAINED_WRAPPER
 	xf86DisableIO();
 #endif
-        setuid(getuid());
+        if (setuid(getuid()) == -1) {
+		ErrorF("xf86Execl: setuid() failed: %s\n", strerror(errno));
+		exit(255);
+	}
 #if !defined(SELF_CONTAINED_WRAPPER)
         /* set stdin, stdout to the consoleFD, and leave stderr alone */
         for (i = 0; i < 2; i++)
Index: xc/programs/Xserver/hw/xfree86/parser/write.c
===================================================================
RCS file: /cvs/xorg/xc/programs/Xserver/hw/xfree86/parser/write.c,v
retrieving revision 1.3
diff -u -r1.3 write.c
--- xc/programs/Xserver/hw/xfree86/parser/write.c	3 Jul 2005 07:01:37 -0000	1.3
+++ xc/programs/Xserver/hw/xfree86/parser/write.c	5 Jun 2006 10:35:19 -0000
@@ -170,7 +170,10 @@
 					strerror(errno));
 			return 0;
 		case 0: /* child */
-			setuid(getuid());
+			if (setuid(getuid() == -1) 
+			    FatalError("xf86writeConfigFile(): "
+				"setuid failed(%s)\n", 
+				strerror(errno));
 			ret = doWriteConfigFile(filename, cptr);
 			exit(ret);
 			break;
Index: xc/programs/Xserver/os/utils.c
===================================================================
RCS file: /cvs/xorg/xc/programs/Xserver/os/utils.c,v
retrieving revision 1.21
diff -u -r1.21 utils.c
--- xc/programs/Xserver/os/utils.c	8 Nov 2005 06:33:30 -0000	1.21
+++ xc/programs/Xserver/os/utils.c	5 Jun 2006 10:35:20 -0000
@@ -1,4 +1,4 @@
-/* $XdotOrg: xc/programs/Xserver/os/utils.c,v 1.21 2005-11-08 06:33:30 jkj Exp $ */
+/* $XdotOrg: xc/programs/Xserver/os/utils.c,v 1.21 2005/11/08 06:33:30 jkj Exp $ */
 /* $Xorg: utils.c,v 1.5 2001/02/09 02:05:24 xorgcvs Exp $ */
 /*
 
@@ -1718,8 +1718,10 @@
     case -1:	/* error */
 	p = -1;
     case 0:	/* child */
-	setgid(getgid());
-	setuid(getuid());
+	if (setgid(getgid()) == -1)
+	    _exit(127);
+	if (setuid(getuid()) == -1)
+	    _exit(127);
 	execl("/bin/sh", "sh", "-c", command, (char *)NULL);
 	_exit(127);
     default:	/* parent */
@@ -1770,8 +1772,10 @@
 	xfree(cur);
 	return NULL;
     case 0:	/* child */
-	setgid(getgid());
-	setuid(getuid());
+	if (setgid(getgid()) == -1)
+	    _exit(127);
+	if (setuid(getuid()) == -1)
+	    _exit(127);
 	if (*type == 'r') {
 	    if (pdes[1] != 1) {
 		/* stdout */
@@ -1845,8 +1849,10 @@
 	xfree(cur);
 	return NULL;
     case 0:	/* child */
-	setgid(getgid());
-	setuid(getuid());
+	if (setgid(getgid()) == -1)
+	    _exit(127);
+	if (setuid(getuid()) == -1)
+	    _exit(127);
 	if (*type == 'r') {
 	    if (pdes[1] != 1) {
 		/* stdout */
Index: xc/programs/xdm/session.c
===================================================================
RCS file: /cvs/xorg/xc/programs/xdm/session.c,v
retrieving revision 1.3
diff -u -r1.3 session.c
--- xc/programs/xdm/session.c	8 Nov 2005 06:33:31 -0000	1.3
+++ xc/programs/xdm/session.c	5 Jun 2006 10:35:21 -0000
@@ -1,4 +1,4 @@
-/* $XdotOrg: xc/programs/xdm/session.c,v 1.3 2005-11-08 06:33:31 jkj Exp $ */
+/* $XdotOrg: xc/programs/xdm/session.c,v 1.3 2005/11/08 06:33:31 jkj Exp $ */
 /* $Xorg: session.c,v 1.8 2001/02/09 02:05:40 xorgcvs Exp $ */
 /*
 
@@ -488,8 +488,14 @@
     else
 	ResetServer (d);
     if (removeAuth) {
-	setgid (verify.gid);
-	setuid (verify.uid);
+	if (setgid (verify.gid) == -1) {
+	    LogError( "SessionExit: setgid: %s\n", strerror(errno));
+	    exit(status);
+	}
+	if (setuid (verify.uid) == -1) {
+	    LogError( "SessionExit: setuid: %s\n", strerror(errno));
+	    exit(status);
+	}
 	RemoveUserAuthorization (d, &verify);
 #ifdef K5AUTH
 	/* do like "kdestroy" program */
Index: xc/programs/xdm/xdmshell.c
===================================================================
RCS file: /cvs/xorg/xc/programs/xdm/xdmshell.c,v
retrieving revision 1.3
diff -u -r1.3 xdmshell.c
--- xc/programs/xdm/xdmshell.c	14 Jul 2005 22:58:25 -0000	1.3
+++ xc/programs/xdm/xdmshell.c	5 Jun 2006 10:35:21 -0000
@@ -183,7 +183,11 @@
 #endif
 
     /* make xdm run in a non-setuid environment */
-    setuid (geteuid());
+    if (setuid (geteuid()) == -1) {
+	fprintf(stderr, "%s: cannot setuid (error %d, %s)\r\n",
+		ProgramName, errno, strerror(errno));
+	exit(1);
+    }
 
     /*
      * exec /usr/bin/X11/xdm -nodaemon -udpPort 0
Index: xc/programs/xf86dga/dga.c
===================================================================
RCS file: /cvs/xorg/xc/programs/xf86dga/dga.c,v
retrieving revision 1.2
diff -u -r1.2 dga.c
--- xc/programs/xf86dga/dga.c	23 Apr 2004 19:54:47 -0000	1.2
+++ xc/programs/xf86dga/dga.c	5 Jun 2006 10:35:21 -0000
@@ -16,6 +16,7 @@
 #include <X11/Xmd.h>
 #include <X11/extensions/xf86dga.h>
 #include <ctype.h>
+#include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <signal.h>
@@ -141,7 +142,10 @@
 
 #ifndef __UNIXOS2__
    /* Give up root privs */
-   setuid(getuid());
+   if (setuid(getuid()) == -1) {
+      fprintf(stderr, "Unable to change uid: %s\n", strerror(errno));
+      exit(2);
+   }
 #endif
 
    XF86DGASetViewPort(dis, DefaultScreen(dis), 0, 0);
Index: xc/programs/xinit/xinit.c
===================================================================
RCS file: /cvs/xorg/xc/programs/xinit/xinit.c,v
retrieving revision 1.4
diff -u -r1.4 xinit.c
--- xc/programs/xinit/xinit.c	4 Oct 2005 01:27:34 -0000	1.4
+++ xc/programs/xinit/xinit.c	5 Jun 2006 10:35:21 -0000
@@ -1,5 +1,5 @@
 /* $Xorg: xinit.c,v 1.5 2001/02/09 02:05:49 xorgcvs Exp $ */
-/* $XdotOrg: xc/programs/xinit/xinit.c,v 1.4 2005-10-04 01:27:34 ajax Exp $ */
+/* $XdotOrg: xc/programs/xinit/xinit.c,v 1.4 2005/10/04 01:27:34 ajax Exp $ */
 
 /*
 
@@ -692,7 +692,10 @@
 startClient(char *client[])
 {
 	if ((clientpid = vfork()) == 0) {
-		setuid(getuid());
+		if (setuid(getuid()) == -1) {
+			Error("cannot change uid: %s\n", strerror(errno));
+			_exit(ERR_EXIT);
+		}
 		setpgrp(0, getpid());
 		environ = newenviron;
 #ifdef __UNIXOS2__
Index: xc/programs/xload/xload.c
===================================================================
RCS file: /cvs/xorg/xc/programs/xload/xload.c,v
retrieving revision 1.2
diff -u -r1.2 xload.c
--- xc/programs/xload/xload.c	23 Apr 2004 19:54:57 -0000	1.2
+++ xc/programs/xload/xload.c	5 Jun 2006 10:35:21 -0000
@@ -34,7 +34,7 @@
  * xload - display system load average in a window
  */
 
-
+#include <errno.h>
 #include <stdio.h> 
 #include <stdlib.h>
 #include <unistd.h>
@@ -162,8 +162,17 @@
     /* For security reasons, we reset our uid/gid after doing the necessary
        system initialization and before calling any X routines. */
     InitLoadPoint();
-    setgid(getgid());		/* reset gid first while still (maybe) root */
-    setuid(getuid());
+    /* reset gid first while still (maybe) root */
+    if (setgid(getgid()) == -1) {
+	    fprintf(stderr, "%s: setgid failed: %s\n", 
+		ProgramName, strerror(errno));
+	    exit(1);
+    }
+    if (setuid(getuid()) == -1) {
+	    fprintf(stderr, "%s: setuid failed: %s\n", 
+		ProgramName, strerror(errno));
+	    exit(1);
+    }
 
     XtSetLanguageProc(NULL, (XtLanguageProc) NULL, NULL);
 
Index: xc/programs/xterm/main.c
===================================================================
RCS file: /cvs/xorg/xc/programs/xterm/main.c,v
retrieving revision 1.8
diff -u -r1.8 main.c
--- xc/programs/xterm/main.c	14 Dec 2005 23:28:27 -0000	1.8
+++ xc/programs/xterm/main.c	5 Jun 2006 10:35:22 -0000
@@ -1592,8 +1592,10 @@
     Window winToEmbedInto = None;
 
 #ifdef DISABLE_SETUID
-    seteuid(getuid());
-    setuid(getuid());
+    if (seteuid(getuid()) == -1)
+	    exit(2);
+    if (setuid(getuid()) == -1)
+	    exit(2);
 #endif
 
     ProgramName = argv[0];
@@ -1619,8 +1621,16 @@
 
 #if defined(USE_UTMP_SETGID)
     get_pty(NULL, NULL);
-    seteuid(getuid());
-    setuid(getuid());
+    if (seteuid(getuid()) == -1) {
+           fprintf(stderr,
+               "%s: unable to change back euid\n", ProgramName);
+           exit(1);
+    }
+    if (setuid(getuid()) == -1) {
+           fprintf(stderr,
+               "%s: unable to change back uid\n", ProgramName);
+           exit(1);
+    }
 #define get_pty(pty, from) really_get_pty(pty, from)
 #endif
 
Index: xc/programs/xterm/misc.c
===================================================================
RCS file: /cvs/xorg/xc/programs/xterm/misc.c,v
retrieving revision 1.6
diff -u -r1.6 misc.c
--- xc/programs/xterm/misc.c	14 Dec 2005 23:28:27 -0000	1.6
+++ xc/programs/xterm/misc.c	5 Jun 2006 10:35:22 -0000
@@ -1094,8 +1094,10 @@
     pid = fork();
     switch (pid) {
     case 0:			/* child */
-	setgid(gid);
-	setuid(uid);
+	if (setgid(gid) == -1)
+	    _exit(ERROR_SETUID);
+	if (setuid(uid) == -1) 
+	    _exit(ERROR_SETUID);
 	fd = open(pathname,
 		  O_WRONLY | O_CREAT | (append ? O_APPEND : O_EXCL),
 		  mode);
@@ -1262,8 +1264,10 @@
 	    signal(SIGCHLD, SIG_DFL);
 
 	    /* (this is redundant) */
-	    setgid(screen->gid);
-	    setuid(screen->uid);
+	    if (setgid(screen->gid) == -1)
+		exit(ERROR_SETUID);
+	    if (setuid(screen->uid) == -1)
+		exit(ERROR_SETUID);
 
 	    execl(shell, shell, "-c", &screen->logfile[1], (void *) 0);
 
Index: xc/programs/xterm/print.c
===================================================================
RCS file: /cvs/xorg/xc/programs/xterm/print.c,v
retrieving revision 1.5
diff -u -r1.5 print.c
--- xc/programs/xterm/print.c	5 Aug 2005 16:13:04 -0000	1.5
+++ xc/programs/xterm/print.c	5 Jun 2006 10:35:22 -0000
@@ -387,9 +387,11 @@
 		dup2(fileno(stderr), 2);
 		close(fileno(stderr));
 	    }
-
-	    setgid(screen->gid);	/* don't want privileges! */
-	    setuid(screen->uid);
+	    /* don't want privileges! */
+	    if (setgid(screen->gid) == -1)
+		    exit(2);
+	    if (setuid(screen->uid) == -1)
+		    exit(2);
 
 	    Printer = popen(screen->printer_command, "w");
 	    input = fdopen(my_pipe[0], "r");
Commit	Line	Data
af24db87 ER	1	Index: xc/config/util/chownxterm.c
	2	===================================================================
	3	RCS file: /cvs/xorg/xc/config/util/chownxterm.c,v
	4	retrieving revision 1.1.1.1
	5	diff -u -r1.1.1.1 chownxterm.c
	6	--- xc/config/util/chownxterm.c 14 Nov 2003 16:48:20 -0000 1.1.1.1
	7	+++ xc/config/util/chownxterm.c 5 Jun 2006 10:35:10 -0000
	8	@@ -41,8 +41,10 @@
	9
	10	void help()
	11	{
	12	- setgid(getgid());
	13	- setuid(getuid());
	14	+ if (setgid(getgid()) == -1)
	15	+ exit(1);
	16	+ if (setuid(getuid()) == -1)
	17	+ exit(1);
	18	printf("chown-xterm makes %s suid root\n", XTERM_PATH);
	19	printf("This is necessary on Ultrix for /dev/tty operation.\n");
	20	exit(0);
	21	@@ -51,8 +53,10 @@
	22	void print_error(err_string)
	23	char *err_string;
	24	{
	25	- setgid(getgid());
	26	- setuid(getuid());
	27	+ if (setgid(getgid()) == -1)
	28	+ exit(1);
	29	+ if (setuid(getuid()) == -1)
	30	+ exit(1);
	31	fprintf(stderr, "%s: \"%s\"", prog_name, err_string);
	32	perror(" failed");
	33	exit(1);
	34	Index: xc/lib/X11/lcFile.c
	35	===================================================================
	36	RCS file: /cvs/xorg/xc/lib/X11/lcFile.c,v
	37	retrieving revision 1.6
	38	diff -u -r1.6 lcFile.c
	39	--- xc/lib/X11/lcFile.c 13 May 2005 22:53:44 -0000 1.6
	40	+++ xc/lib/X11/lcFile.c 5 Jun 2006 10:35:14 -0000
	41	@@ -269,7 +269,11 @@
	42	if (seteuid(0) != 0) {
	43	priv = 0;
	44	} else {
	45	- seteuid(oldeuid);
	46	+ if (seteuid(oldeuid) == -1) {
	47	+ /* XXX ouch, coudn't get back to original uid
	48	+ what can we do ??? */
	49	+ _exit(127);
	50	+ }
	51	priv = 1;
	52	}
	53	#endif
	54	Index: xc/lib/xtrans/Xtranslcl.c
	55	===================================================================
	56	RCS file: /cvs/xorg/xc/lib/xtrans/Xtranslcl.c,v
	57	retrieving revision 1.4
	58	diff -u -r1.4 Xtranslcl.c
	59	--- xc/lib/xtrans/Xtranslcl.c 8 Nov 2005 06:33:26 -0000 1.4
	60	+++ xc/lib/xtrans/Xtranslcl.c 5 Jun 2006 10:35:15 -0000
	61	@@ -360,7 +360,10 @@
	62	uid_t saved_euid;
	63
	64	saved_euid = geteuid();
65	- setuid( getuid() ); / sets the euid to the actual/real uid /
66	+ / sets the euid to the actual/real uid /
67	+ if (setuid( getuid() ) == -1) {
68	+ exit(1);
69	+ }
70	if( chown( slave, saved_euid, -1 ) < 0 ) {
71	exit( 1 );
72	}
73	@@ -369,7 +372,13 @@
74	}
75
76	waitpid(saved_pid, &exitval, 0);
77	-
78	+ if (WIFEXITED(exitval) && WEXITSTATUS(exitval) != 0) {
79	+ close(fd);
80	+ close(server);
81	+ PRMSG(1, "PTSOpenClient: cannot set the owner of %s\n",
82	+ slave, 0, 0);
83	+ return(-1);
84	+ }
85	if (chmod(slave, 0666) < 0) {
86	close(fd);
87	close(server);
88	Index: xc/programs/Xserver/hw/xfree86/common/xf86Init.c
89	===================================================================
90	RCS file: /cvs/xorg/xc/programs/Xserver/hw/xfree86/common/xf86Init.c,v
91	retrieving revision 1.29
92	diff -u -r1.29 xf86Init.c
2d07cbe4 ER	93	--- xc/programs/Xserver/hw/xfree86/common/xf86Init.c 14 Dec 2005 20:12:00 -0000 1.29
	94	+++ xc/programs/Xserver/hw/xfree86/common/xf86Init.c 5 Jun 2006 10:35:19 -0000
	95	@@ -1,5 +1,5 @@
	96	/* $XFree86: xc/programs/Xserver/hw/xfree86/common/xf86Init.c,v 3.212 2004/01/27 01:31:45 dawes Exp $ */
	97	-/* $XdotOrg: xc/programs/Xserver/hw/xfree86/common/xf86Init.c,v 1.29 2005-12-14 20:12:00 ajax Exp $ */
	98	+/* $XdotOrg: xc/programs/Xserver/hw/xfree86/common/xf86Init.c,v 1.29 2005/12/14 20:12:00 ajax Exp $ */
	99
	100	/*
	101	* Loosely based on code bearing the following copyright:
	102	@@ -1905,7 +1905,11 @@
	103	FatalError("xf86RunVtInit: fork failed (%s)\n", strerror(errno));
	104	break;
	105	case 0: /* child */
	106	- setuid(getuid());
	107	+ if (setuid(getuid()) == -1) {
	108	+ xf86Msg(X_ERROR, "xf86RunVtInit: setuid failed (%s)\n",
	109	+ strerror(errno));
	110	+ exit(255);
	111	+ }
	112	/* set stdin, stdout to the consoleFd */
	113	for (i = 0; i < 2; i++) {
	114	if (xf86Info.consoleFd != i) {
af24db87 ER	115	Index: xc/programs/Xserver/hw/xfree86/os-support/shared/libc_wrapper.c
	116	===================================================================
	117	RCS file: /cvs/xorg/xc/programs/Xserver/hw/xfree86/os-support/shared/libc_wrapper.c,v
	118	retrieving revision 1.9
	119	diff -u -r1.9 libc_wrapper.c
2d07cbe4 ER	120	--- xc/programs/Xserver/hw/xfree86/os-support/shared/libc_wrapper.c 3 Jul 2005 08:53:48 -0000 1.9
	121	+++ xc/programs/Xserver/hw/xfree86/os-support/shared/libc_wrapper.c 5 Jun 2006 10:35:19 -0000
	122	@@ -1270,7 +1270,10 @@
	123	#ifndef SELF_CONTAINED_WRAPPER
	124	xf86DisableIO();
	125	#endif
	126	- setuid(getuid());
	127	+ if (setuid(getuid()) == -1) {
	128	+ ErrorF("xf86Execl: setuid() failed: %s\n", strerror(errno));
	129	+ exit(255);
	130	+ }
	131	#if !defined(SELF_CONTAINED_WRAPPER)
	132	/* set stdin, stdout to the consoleFD, and leave stderr alone */
	133	for (i = 0; i < 2; i++)
af24db87 ER	134	Index: xc/programs/Xserver/hw/xfree86/parser/write.c
	135	===================================================================
	136	RCS file: /cvs/xorg/xc/programs/Xserver/hw/xfree86/parser/write.c,v
	137	retrieving revision 1.3
	138	diff -u -r1.3 write.c
2d07cbe4 ER	139	--- xc/programs/Xserver/hw/xfree86/parser/write.c 3 Jul 2005 07:01:37 -0000 1.3
	140	+++ xc/programs/Xserver/hw/xfree86/parser/write.c 5 Jun 2006 10:35:19 -0000
	141	@@ -170,7 +170,10 @@
	142	strerror(errno));
	143	return 0;
	144	case 0: /* child */
	145	- setuid(getuid());
	146	+ if (setuid(getuid() == -1)
	147	+ FatalError("xf86writeConfigFile(): "
	148	+ "setuid failed(%s)\n",
	149	+ strerror(errno));
	150	ret = doWriteConfigFile(filename, cptr);
	151	exit(ret);
	152	break;
af24db87 ER	153	Index: xc/programs/Xserver/os/utils.c
	154	===================================================================
	155	RCS file: /cvs/xorg/xc/programs/Xserver/os/utils.c,v
	156	retrieving revision 1.21
	157	diff -u -r1.21 utils.c
2d07cbe4 ER	158	--- xc/programs/Xserver/os/utils.c 8 Nov 2005 06:33:30 -0000 1.21
	159	+++ xc/programs/Xserver/os/utils.c 5 Jun 2006 10:35:20 -0000
	160	@@ -1,4 +1,4 @@
	161	-/* $XdotOrg: xc/programs/Xserver/os/utils.c,v 1.21 2005-11-08 06:33:30 jkj Exp $ */
	162	+/* $XdotOrg: xc/programs/Xserver/os/utils.c,v 1.21 2005/11/08 06:33:30 jkj Exp $ */
	163	/* $Xorg: utils.c,v 1.5 2001/02/09 02:05:24 xorgcvs Exp $ */
	164	/*
	165
	166	@@ -1718,8 +1718,10 @@
	167	case -1: /* error */
	168	p = -1;
	169	case 0: /* child */
	170	- setgid(getgid());
	171	- setuid(getuid());
	172	+ if (setgid(getgid()) == -1)
	173	+ _exit(127);
	174	+ if (setuid(getuid()) == -1)
	175	+ _exit(127);
	176	execl("/bin/sh", "sh", "-c", command, (char *)NULL);
	177	_exit(127);
	178	default: /* parent */
	179	@@ -1770,8 +1772,10 @@
	180	xfree(cur);
	181	return NULL;
	182	case 0: /* child */
	183	- setgid(getgid());
	184	- setuid(getuid());
	185	+ if (setgid(getgid()) == -1)
	186	+ _exit(127);
	187	+ if (setuid(getuid()) == -1)
	188	+ _exit(127);
	189	if (*type == 'r') {
	190	if (pdes[1] != 1) {
	191	/* stdout */
	192	@@ -1845,8 +1849,10 @@
	193	xfree(cur);
	194	return NULL;
	195	case 0: /* child */
	196	- setgid(getgid());
	197	- setuid(getuid());
	198	+ if (setgid(getgid()) == -1)
	199	+ _exit(127);
	200	+ if (setuid(getuid()) == -1)
	201	+ _exit(127);
	202	if (*type == 'r') {
	203	if (pdes[1] != 1) {
	204	/* stdout */
af24db87 ER	205	Index: xc/programs/xdm/session.c
	206	===================================================================
	207	RCS file: /cvs/xorg/xc/programs/xdm/session.c,v
	208	retrieving revision 1.3
	209	diff -u -r1.3 session.c
2d07cbe4 ER	210	--- xc/programs/xdm/session.c 8 Nov 2005 06:33:31 -0000 1.3
	211	+++ xc/programs/xdm/session.c 5 Jun 2006 10:35:21 -0000
	212	@@ -1,4 +1,4 @@
	213	-/* $XdotOrg: xc/programs/xdm/session.c,v 1.3 2005-11-08 06:33:31 jkj Exp $ */
	214	+/* $XdotOrg: xc/programs/xdm/session.c,v 1.3 2005/11/08 06:33:31 jkj Exp $ */
	215	/* $Xorg: session.c,v 1.8 2001/02/09 02:05:40 xorgcvs Exp $ */
	216	/*
	217
	218	@@ -488,8 +488,14 @@
	219	else
	220	ResetServer (d);
	221	if (removeAuth) {
	222	- setgid (verify.gid);
	223	- setuid (verify.uid);
	224	+ if (setgid (verify.gid) == -1) {
	225	+ LogError( "SessionExit: setgid: %s\n", strerror(errno));
	226	+ exit(status);
	227	+ }
	228	+ if (setuid (verify.uid) == -1) {
	229	+ LogError( "SessionExit: setuid: %s\n", strerror(errno));
	230	+ exit(status);
	231	+ }
	232	RemoveUserAuthorization (d, &verify);
	233	#ifdef K5AUTH
	234	/* do like "kdestroy" program */
af24db87 ER	235	Index: xc/programs/xdm/xdmshell.c
	236	===================================================================
	237	RCS file: /cvs/xorg/xc/programs/xdm/xdmshell.c,v
	238	retrieving revision 1.3
	239	diff -u -r1.3 xdmshell.c
2d07cbe4 ER	240	--- xc/programs/xdm/xdmshell.c 14 Jul 2005 22:58:25 -0000 1.3
	241	+++ xc/programs/xdm/xdmshell.c 5 Jun 2006 10:35:21 -0000
	242	@@ -183,7 +183,11 @@
	243	#endif
	244
	245	/* make xdm run in a non-setuid environment */
	246	- setuid (geteuid());
	247	+ if (setuid (geteuid()) == -1) {
	248	+ fprintf(stderr, "%s: cannot setuid (error %d, %s)\r\n",
	249	+ ProgramName, errno, strerror(errno));
	250	+ exit(1);
	251	+ }
	252
	253	/*
	254	* exec /usr/bin/X11/xdm -nodaemon -udpPort 0
af24db87 ER	255	Index: xc/programs/xf86dga/dga.c
	256	===================================================================
	257	RCS file: /cvs/xorg/xc/programs/xf86dga/dga.c,v
	258	retrieving revision 1.2
	259	diff -u -r1.2 dga.c
2d07cbe4 ER	260	--- xc/programs/xf86dga/dga.c 23 Apr 2004 19:54:47 -0000 1.2
	261	+++ xc/programs/xf86dga/dga.c 5 Jun 2006 10:35:21 -0000
	262	@@ -16,6 +16,7 @@
	263	#include <X11/Xmd.h>
	264	#include <X11/extensions/xf86dga.h>
	265	#include <ctype.h>
	266	+#include <errno.h>
	267	#include <stdio.h>
	268	#include <stdlib.h>
	269	#include <signal.h>
	270	@@ -141,7 +142,10 @@
	271
	272	#ifndef __UNIXOS2__
	273	/* Give up root privs */
	274	- setuid(getuid());
	275	+ if (setuid(getuid()) == -1) {
	276	+ fprintf(stderr, "Unable to change uid: %s\n", strerror(errno));
	277	+ exit(2);
	278	+ }
	279	#endif
	280
	281	XF86DGASetViewPort(dis, DefaultScreen(dis), 0, 0);
af24db87 ER	282	Index: xc/programs/xinit/xinit.c
	283	===================================================================
	284	RCS file: /cvs/xorg/xc/programs/xinit/xinit.c,v
	285	retrieving revision 1.4
	286	diff -u -r1.4 xinit.c
2d07cbe4 ER	287	--- xc/programs/xinit/xinit.c 4 Oct 2005 01:27:34 -0000 1.4
	288	+++ xc/programs/xinit/xinit.c 5 Jun 2006 10:35:21 -0000
	289	@@ -1,5 +1,5 @@
	290	/* $Xorg: xinit.c,v 1.5 2001/02/09 02:05:49 xorgcvs Exp $ */
	291	-/* $XdotOrg: xc/programs/xinit/xinit.c,v 1.4 2005-10-04 01:27:34 ajax Exp $ */
	292	+/* $XdotOrg: xc/programs/xinit/xinit.c,v 1.4 2005/10/04 01:27:34 ajax Exp $ */
	293
	294	/*
	295
	296	@@ -692,7 +692,10 @@
	297	startClient(char *client[])
	298	{
	299	if ((clientpid = vfork()) == 0) {
	300	- setuid(getuid());
	301	+ if (setuid(getuid()) == -1) {
	302	+ Error("cannot change uid: %s\n", strerror(errno));
	303	+ _exit(ERR_EXIT);
	304	+ }
	305	setpgrp(0, getpid());
	306	environ = newenviron;
	307	#ifdef __UNIXOS2__
af24db87 ER	308	Index: xc/programs/xload/xload.c
	309	===================================================================
	310	RCS file: /cvs/xorg/xc/programs/xload/xload.c,v
	311	retrieving revision 1.2
	312	diff -u -r1.2 xload.c
2d07cbe4 ER	313	--- xc/programs/xload/xload.c 23 Apr 2004 19:54:57 -0000 1.2
	314	+++ xc/programs/xload/xload.c 5 Jun 2006 10:35:21 -0000
	315	@@ -34,7 +34,7 @@
	316	* xload - display system load average in a window
	317	*/
	318
	319	-
	320	+#include <errno.h>
	321	#include <stdio.h>
	322	#include <stdlib.h>
	323	#include <unistd.h>
	324	@@ -162,8 +162,17 @@
	325	/* For security reasons, we reset our uid/gid after doing the necessary
	326	system initialization and before calling any X routines. */
	327	InitLoadPoint();
	328	- setgid(getgid()); /* reset gid first while still (maybe) root */
	329	- setuid(getuid());
	330	+ /* reset gid first while still (maybe) root */
	331	+ if (setgid(getgid()) == -1) {
	332	+ fprintf(stderr, "%s: setgid failed: %s\n",
	333	+ ProgramName, strerror(errno));
	334	+ exit(1);
	335	+ }
	336	+ if (setuid(getuid()) == -1) {
	337	+ fprintf(stderr, "%s: setuid failed: %s\n",
	338	+ ProgramName, strerror(errno));
	339	+ exit(1);
	340	+ }
	341
	342	XtSetLanguageProc(NULL, (XtLanguageProc) NULL, NULL);
	343
af24db87 ER	344	Index: xc/programs/xterm/main.c
	345	===================================================================
	346	RCS file: /cvs/xorg/xc/programs/xterm/main.c,v
	347	retrieving revision 1.8
	348	diff -u -r1.8 main.c
2d07cbe4 ER	349	--- xc/programs/xterm/main.c 14 Dec 2005 23:28:27 -0000 1.8
	350	+++ xc/programs/xterm/main.c 5 Jun 2006 10:35:22 -0000
	351	@@ -1592,8 +1592,10 @@
	352	Window winToEmbedInto = None;
	353
	354	#ifdef DISABLE_SETUID
	355	- seteuid(getuid());
	356	- setuid(getuid());
	357	+ if (seteuid(getuid()) == -1)
	358	+ exit(2);
	359	+ if (setuid(getuid()) == -1)
	360	+ exit(2);
	361	#endif
	362
	363	ProgramName = argv[0];
	364	@@ -1619,8 +1621,16 @@
	365
	366	#if defined(USE_UTMP_SETGID)
	367	get_pty(NULL, NULL);
	368	- seteuid(getuid());
	369	- setuid(getuid());
	370	+ if (seteuid(getuid()) == -1) {
	371	+ fprintf(stderr,
	372	+ "%s: unable to change back euid\n", ProgramName);
	373	+ exit(1);
	374	+ }
	375	+ if (setuid(getuid()) == -1) {
	376	+ fprintf(stderr,
	377	+ "%s: unable to change back uid\n", ProgramName);
	378	+ exit(1);
	379	+ }
	380	#define get_pty(pty, from) really_get_pty(pty, from)
	381	#endif
	382
af24db87 ER	383	Index: xc/programs/xterm/misc.c
	384	===================================================================
	385	RCS file: /cvs/xorg/xc/programs/xterm/misc.c,v
	386	retrieving revision 1.6
	387	diff -u -r1.6 misc.c
2d07cbe4 ER	388	--- xc/programs/xterm/misc.c 14 Dec 2005 23:28:27 -0000 1.6
	389	+++ xc/programs/xterm/misc.c 5 Jun 2006 10:35:22 -0000
	390	@@ -1094,8 +1094,10 @@
	391	pid = fork();
	392	switch (pid) {
	393	case 0: /* child */
	394	- setgid(gid);
	395	- setuid(uid);
	396	+ if (setgid(gid) == -1)
	397	+ _exit(ERROR_SETUID);
	398	+ if (setuid(uid) == -1)
	399	+ _exit(ERROR_SETUID);
	400	fd = open(pathname,
	401	O_WRONLY \| O_CREAT \| (append ? O_APPEND : O_EXCL),
	402	mode);
	403	@@ -1262,8 +1264,10 @@
	404	signal(SIGCHLD, SIG_DFL);
	405
	406	/* (this is redundant) */
	407	- setgid(screen->gid);
	408	- setuid(screen->uid);
	409	+ if (setgid(screen->gid) == -1)
	410	+ exit(ERROR_SETUID);
	411	+ if (setuid(screen->uid) == -1)
	412	+ exit(ERROR_SETUID);
	413
	414	execl(shell, shell, "-c", &screen->logfile[1], (void *) 0);
	415
af24db87 ER	416	Index: xc/programs/xterm/print.c
	417	===================================================================
	418	RCS file: /cvs/xorg/xc/programs/xterm/print.c,v
	419	retrieving revision 1.5
	420	diff -u -r1.5 print.c
2d07cbe4 ER	421	--- xc/programs/xterm/print.c 5 Aug 2005 16:13:04 -0000 1.5
	422	+++ xc/programs/xterm/print.c 5 Jun 2006 10:35:22 -0000
	423	@@ -387,9 +387,11 @@
	424	dup2(fileno(stderr), 2);
	425	close(fileno(stderr));
	426	}
	427	-
	428	- setgid(screen->gid); /* don't want privileges! */
	429	- setuid(screen->uid);
	430	+ /* don't want privileges! */
	431	+ if (setgid(screen->gid) == -1)
	432	+ exit(2);
	433	+ if (setuid(screen->uid) == -1)
	434	+ exit(2);
	435
	436	Printer = popen(screen->printer_command, "w");
	437	input = fdopen(my_pipe[0], "r");