From bf2ace8a83718da3e6bcc201db2a49844b5a3a22 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Thu, 8 Jun 2000 18:08:06 +0000
Subject: [PATCH] See ChangeLog: Thu Jun 8 20:22:00 CEST 2000 Werner Koch
---
 util/ChangeLog | 4 ++++
 util/secmem.c | 6 ++++--
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/util/ChangeLog b/util/ChangeLog
index c6d64aa6a..48d216e74 100644
--- a/util/ChangeLog
+++ b/util/ChangeLog
@@ -1,3 +1,7 @@
+Thu Jun 8 20:22:00 CEST 2000 Werner Koch
+
+ * secmem.c (lock_pool,secmem_init): Additional check for dropped privs.
+
 Tue May 30 16:37:55 CEST 2000 Werner Koch
 * iobuf.c (iobuf_cancel): Fix for MSDOS.
diff --git a/util/secmem.c b/util/secmem.c
index 54836cbcf..8b80370c1 100644
--- a/util/secmem.c
+++ b/util/secmem.c
@@ -128,7 +128,9 @@ lock_pool( void *p, size_t n )
 #endif
 if( uid && !geteuid() ) {
- if( setuid( uid ) || getuid() != geteuid() )
+ /* check that we really dropped the privs.
+ * Note: setuid(0) should always fail */
+ if( setuid( uid ) || getuid() != geteuid() || !setuid(0) )
 log_fatal("failed to reset uid: %s\n", strerror(errno));
 }
@@ -260,7 +262,7 @@ secmem_init( size_t n )
 disable_secmem=1;
 uid = getuid();
 if( uid != geteuid() ) {
- if( setuid( uid ) || getuid() != geteuid() )
+ if( setuid( uid ) || getuid() != geteuid() || !setuid(0) )
 log_fatal("failed to drop setuid\n" );
 }
 #endif
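Review bot: In the lock_pool hunk the fatal message still prints `strerror(errno)`, but two of the three conditions now joined by `||` do not set errno: `getuid() != geteuid()` and a `setuid(0)` that unexpectedly succeeds both leave whatever an earlier call stored there. In exactly the case this commit is meant to catch, the log would therefore show an unrelated or "Success" error text. Splitting the test keeps errno for the call that actually failed: `if( setuid( uid ) ) log_fatal("failed to reset uid: %s\n", strerror(errno));` followed by `if( getuid() != geteuid() || !setuid(0) ) log_fatal("failed to reset uid: privileges still held\n");`. The body of lock_pool starts and ends outside the hunk.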
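Review bot: The `!setuid(0)` probe in the secmem_init hunk is not restricted to a non-zero real uid the way the lock_pool hunk is (`uid && !geteuid()`); the only guard here is `uid != geteuid()`. If the binary is installed setuid to a non-root account and is started by root, `uid` is 0, `setuid( uid )` legitimately leaves real and effective uid at 0, and the following `setuid(0)` succeeds, so the process presumably aborts with "failed to drop setuid" although nothing went wrong. Limiting the probe to the non-root case avoids that: `if( setuid( uid ) || getuid() != geteuid() || (uid && !setuid(0)) )`. The explanatory comment added in lock_pool (`Note: setuid(0) should always fail`) is missing here and should be repeated or referenced. The body of secmem_init extends beyond the hunk.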