On Wed, Jan 20, 2010 at 8:19 PM, pqf <p...@mailtech.cn> wrote: > I man seteuid in my Linux box, there are two types of errors: > ERRORS > The seteuid() function shall fail if: > > EINVAL The value of the uid argument is invalid and is not supported by > the implementation. > > EPERM The process does not have appropriate privileges and uid does > not match the real group ID or the saved set-group- > ID. > > If directly pass 0 in setuid(), EINVAL may not happend > If this process is seteuid from root, EPERM may not happend > > so, I think the check is just a textbook logic check?
yes, until somebody changes code or some other bug results in this being called in a different environment > just call _exit(1) if it fail? two concerns with that minimal change: 1. seteuid() works once then fails n times now (at least on Solaris), so some extra logic is needed 2. even if these calls never fail, the presence of the exit() without a log message may cause somebody to lose a lot of time investigating a mysterious disappearance of the new process --/-- I'll punt on this until after 2.3.5 since I'd like to spend the time to watch it work on another platform or two. (suexec is not something I use more than once every ~3 years, so it is worth setting up in multiple environments.)