Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: [PATCH] Silence compilation warnings about setuid, setgid



On 7 May 2018 at 04:18, Sebastian Gniazdowski <sgniazdowski@xxxxxxxxx> wrote:
> Hello,
> on a Linux box I see:
> Looking at the source, the reported calls are "extra" ones, they are
> followed by proper setuid, setgid calls. I've found some way out from this
> situation, of using the report value and reporting it (gmail paste, proper
> patch is attached):
>

>  #ifdef HAVE_SETUID
> -       setuid(getuid());
> -       setgid(getgid());
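
Review bot: both removed calls under HAVE_SETUID discard their return values, and setuid(getuid()) runs before setgid(getgid()). The replacement lines should call setgid first, then setuid, and stop if either returns non-zero rather than only reporting it, since continuing after a failed drop leaves the process with the IDs it meant to give up.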

While we're touching this code can we please correct the order of
setuid and setgid?

setgid must be called before setuid. If setuid is called first, on
some platforms, it no longer has privs to call setgid anymore.

See https://wiki.sei.cmu.edu/confluence/display/c/POS36-C.+Observe+correct+revocation+order+while+relinquishing+privileges
for additional details


-- 
Eitan Adler
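
The revocation order described in the message above, as an added example (not zsh's code and not part of the original thread): a hypothetical helper, `drop_to_real_ids`, drops the group before the user, checks both return values, and then verifies that the old effective IDs cannot be restored.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (illustration only, not zsh code): permanently drop
 * set-user-ID / set-group-ID privilege back to the real IDs.
 * Returns 0 on success, -1 with a short reason in *why on failure. */
int drop_to_real_ids(const char **why)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: changing GIDs still needs the elevated effective UID. */
    if (setgid(rgid) != 0) { *why = "setgid failed"; return -1; }
    /* User last: once this succeeds the process can no longer fix its GIDs. */
    if (setuid(ruid) != 0) { *why = "setuid failed"; return -1; }

    /* Confirm the effective IDs really changed. */
    if (getegid() != rgid || geteuid() != ruid) { *why = "IDs unchanged"; return -1; }

    /* Confirm the drop is permanent: switching back must be refused.
     * A saved ID that survived the calls above would let these succeed. */
    if (old_euid != ruid && setuid(old_euid) == 0) { *why = "euid restorable"; return -1; }
    if (old_egid != rgid && setgid(old_egid) == 0) { *why = "egid restorable"; return -1; }

    *why = "ok";
    return 0;
}

int main(void)
{
    const char *why;

    if (drop_to_real_ids(&why) != 0) {
        /* Do not continue with privileges the program meant to give up. */
        fprintf(stderr, "refusing to continue: %s\n", why);
        return 1;
    }
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

In a process that starts without elevated IDs, both calls succeed without changing anything and the restore checks are skipped.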


