Results of setegid()/setegid() not checked
Hello,
It seems tha the results of setegid()/setegid() are not checked:
cups.c: In function ‘_cph_cups_set_effective_id’:
cups.c:582:25: error: ignoring return value of ‘setegid’, declared with attribute warn_unused_result [-Werror=unused-result]
582 | setegid (getgid ());
| ^~~~~~~~~~~~~~~~~~~
cups.c:592:25: error: ignoring return value of ‘setegid’, declared with attribute warn_unused_result [-Werror=unused-result]
592 | setegid (getgid ());
| ^~~~~~~~~~~~~~~~~~~
cups.c: In function ‘_cph_cups_reset_effective_id’:
cups.c:610:9: error: ignoring return value of ‘seteuid’, declared with attribute warn_unused_result [-Werror=unused-result]
610 | seteuid (getuid ());
| ^~~~~~~~~~~~~~~~~~~
cups.c:611:9: error: ignoring return value of ‘setegid’, declared with attribute warn_unused_result [-Werror=unused-result]
611 | setegid (getgid ());
| ^~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
According to the man page this is a grave security error:
Note: there are cases where seteuid() can fail even when the caller is UID 0; it is a grave security error to omit checking for a failure return from seteuid().