Submitted by: Damon Harper Date: 2006-08-28 Summary: Check for errors in comsatd change_user and exit if anything fails In the change_user function of comsatd, no checks were performed on the exit values of setgid, setuid and chdir. This could theoretically lead to privilege escalation if setuid or setgid fails. With this patch, comsatd will exit if one of these commands fails.
--- mailutils-1.0.orig/comsat/comsat.c 2005-09-30 03:41:07.000000000 -0700
+++ mailutils-1.0/comsat/comsat.c 2006-08-27 14:17:16.000000000 -0700
@@ -583,9 +583,21 @@
 exit (1);
 }
- setgid (pw->pw_gid);
- setuid (pw->pw_uid);
- chdir (pw->pw_dir);
+ if (setgid (pw->pw_gid))
+ {
+ syslog (LOG_CRIT, _("Cannot set GID %d for user %s: %m"), pw->pw_gid, user);
+ exit (1);
+ }
+ if (setuid (pw->pw_uid))
+ {
+ syslog (LOG_CRIT, _("Cannot set UID %d for user %s: %m"), pw->pw_uid, user);
+ exit (1);
+ }
+ if(chdir (pw->pw_dir))
+ {
+ syslog (LOG_CRIT, _("Cannot chdir to %s for user %s: %m"), pw->pw_dir, user);
+ exit (1);
+ }
 username = user;
 }
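Review bot: Supplementary groups are still not dropped by the new `setgid`/`setuid` sequence, so if comsatd starts as root the process would keep root's supplementary group list after switching to the user. Nothing in the hunk calls `initgroups` or `setgroups`, though this may be done elsewhere in the file. I would add a checked `if (initgroups (user, pw->pw_gid))` between the `setgid` and `setuid` checks, with the same `syslog (LOG_CRIT, ...)` and `exit (1)` handling as the other three. Separately, `pw->pw_gid` and `pw->pw_uid` are passed to `%d` unconverted; `%lu` with `(unsigned long) pw->pw_uid` keeps the format and argument types matched. The body of change_user starts outside the hunk.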