According to seteuid(2):

    According to POSIX.1, seteuid() (setegid()) need not permit euid (egid)
    to be the same value as the current effective user (group) ID, and some
    implementations do not permit this.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>

* cannot attach to this process with, e.g. ptrace, nor map this
* process memory.
*/
- ret = setegid(data->gid);
- if (ret < 0) {
- perror("setegid");
- exit(EXIT_FAILURE);
+ if (data->gid != getegid()) {
+ ret = setegid(data->gid);
+ if (ret < 0) {
+ perror("setegid");
+ exit(EXIT_FAILURE);
+ }
}
- ret = seteuid(data->uid);
- if (ret < 0) {
- perror("seteuid");
- exit(EXIT_FAILURE);
+ if (data->uid != geteuid()) {
+ ret = seteuid(data->uid);
+ if (ret < 0) {
+ perror("seteuid");
+ exit(EXIT_FAILURE);
+ }
}
/*
* Also set umask to 0 for mkdir executable bit.
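
Review bot: The new guards `if (data->gid != getegid())` and `if (data->uid != geteuid())` have no comment, so the reason for skipping the calls is recorded only in the commit message. A short comment above each guard stating that POSIX.1 lets setegid()/seteuid() reject a value equal to the current effective ID would keep a later cleanup from removing them as redundant. The setegid-before-seteuid order is kept, which matters because the group change can be refused once the effective UID is no longer privileged; that ordering constraint is worth a word in the same comment.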