You're right that it's always a good idea to check return values, especially for something important like setuid(), where its failure will leave you running with an unexpected UID... In practice, if you start off as root, the setuid() is likely going to always work anyway, but it sure can't hurt to make sure! Since it's a macro, it's easy enough to add the checking right there and all callers will automatically get the checking without needing to change them all... You presumably just want to die with a fatal error if the setuid()/setgid() fails...
(In actual practice, no one checks the return value from EVERYTHING, though... E.g.: nearly everyone ignores the return value from printf() and friends, as well as from close()... If you can't figure out what you should do in the case something fails, there's not much point in checking for failure... Seriously, what are you going to do if close() fails? Keep retrying forever? Die with a fatal error? That's hardly an improvement over just silently carrying on with a possibly unclosed file descriptor... Maybe logging it and carrying on is best, but in practice how much real good is that logging going to do?)
Well, the benefit of a macro over inline code is the same benefit of using a function in place of inline code: code reduction and cleaner codebase... Anything that's done multiple times throughout your codebase and which takes multiple lines of code to do each time is a good candidate for breaking out into a separate function or macro... That way you can be sure all places are using the same exact code, and if you should ever need to change it, you only need change the one location (function definition or macro definition) and all callers get the changes automatically...
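As for what I mean, I mean just add the return value checking to the existing macro definition... E.g.:

    #include <errno.h>   /* errno */
    #include <string.h>  /* strerror() */
    #include <unistd.h>  /* setgid(), setuid() */

    /* Drop the group first: once setuid() has succeeded the process may
       no longer be allowed to call setgid(). */
    #define SET_GUID() do \
    { \
        if (setgid(real_gid)) die ("setgid(): %s", strerror (errno)); \
        if (setuid(real_uid)) die ("setuid(): %s", strerror (errno)); \
        eff_uid = real_uid; \
        eff_gid = real_gid; \
    } while (0)
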
Where die() is some function that logs an error message and exits...