* libmisc/root_flag.c: Drop privileges before changing root. The

--root option should not be used by regular users for suid utils.
	* libmisc/root_flag.c: Improve error messages.

ChangeLog

@@ -1,3 +1,9 @@
+2011-11-11  Nicolas François  <nicolas.francois@centraliens.net>
+
+	* libmisc/root_flag.c: Drop privileges before changing root. The
+	--root option should not be used by regular users for suid utils.
+	* libmisc/root_flag.c: Improve error messages.
+
 2011-11-11  Nicolas François  <nicolas.francois@centraliens.net>
 
 	* src/pwck.c: Compile fix for TCB.

libmisc/root_flag.c

@@ -83,6 +83,14 @@ extern void process_root_flag (const char* short_opt, int argc, char **argv)
 
 static void change_root (const char* newroot)
 {
+	/* Drop privileges */
+	if (   (setregid (rgid, rgid) != 0)
+	    || (setreuid (ruid, ruid) != 0)) {
+		fprintf (stderr, _("%s: failed to drop privileges (%s)\n"),
+		         Prog, strerror (errno));
+		exit (EXIT_FAILURE);
+	}
+
 	if ('/' != newroot[0]) {
 		fprintf (stderr,
 		         _("%s: invalid chroot path '%s'\n"),
@@ -92,14 +100,14 @@ static void change_root (const char* newroot)
 
 	if (access (newroot, F_OK) != 0) {
 		fprintf(stderr,
-		        _("%s: chroot directory %s does not exist\n"),
-		        Prog, newroot);
+		        _("%s: cannot access chroot directory %s: %s\n"),
+		        Prog, newroot, strerror (errno));
 		exit (E_BAD_ARG);
 	}
 	if (chroot (newroot) != 0) {
 		fprintf(stderr,
-		        _("%s: unable to chroot to directory %s\n"),
-		        Prog, newroot);
+		        _("%s: unable to chroot to directory %s: %s\n"),
+		        Prog, newroot, strerror (errno));
 		exit (E_BAD_ARG);
 	}
 }