It's vital to check the return result of seteuid, especially when the caller is
UID 0; the call can be made to fail by an attacker, causing a root escalation
vulnerability.
http://man7.org/linux/man-pages/man2/seteuid.2.html says:
On success, zero is returned. On error, -1 is returned, and errno is
set appropriately.
Note: there are cases where seteuid() can fail even when the caller
is UID 0; it is a grave security error to omit checking for a failure
return from seteuid().
A grep shows the following line numbers:
fbshell.cpp:562
vesadev.cpp:130
vesadev.cpp:287
input.cpp:168
These locations all have vulnerable seteuid(getuid()) calls.
Original issue reported on code.google.com by cwi...@gmail.com on 28 May 2015 at 12:49
Original issue reported on code.google.com by
cwi...@gmail.comon 28 May 2015 at 12:49