Subject: Re: Addition to force open to open only regular files
To: Wolfgang Solfrank <ws@tools.de>
From: Jaromír Dolecek <dolecek@ics.muni.cz>
List: tech-kern
Date: 11/20/2000 16:35:34
Wolfgang Solfrank wrote:
> BTW, people keep arguing that a problem with using these library
> functions is that they cannot rely on the caller to not have switched
> the user (or group) ID before calling the library function.  Huh?
> Just document it that the caller mustn't call the function with switched
> IDs and be done with it.  It sure isn't possible for the average user
> to switch IDs and cause library functions to be called arbitrarily in
> an executable he doesn't own, or is it?  And if it is, you are lost
> anyway, are you not?

There is the problem with setreuid(), which can cause the "real" id
to be switched with the effective id, so it's no longer possible to find
out the "real" real id. Some people think we should babysit
broken suid programs which use the syscall.

Jaromir
-- 
Jaromir Dolecek <jdolecek@NetBSD.org>      http://www.ics.muni.cz/~dolecek/
@@@@  Wanna a real operating system ? Go and get NetBSD, damn!  @@@@
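
Added example, not part of the original message: a toy C model of the real/effective/saved user-ID triple, showing why a library cannot tell who invoked a program once setreuid() has swapped the IDs. The setreuid rules follow the Linux setreuid(2) man page as an assumption (the kernel discussed in the thread may differ in detail); model_setreuid, model_getuid, the two history functions and uid 1000 are constructed for illustration.

```c
#include <stdio.h>

/* Toy model of a process's user credentials; not kernel code. */
struct cred { int ruid, euid, svuid; };

/* Models setreuid(2) using the rules in the Linux man page (assumption:
 * the BSD kernel discussed in the thread may differ in detail).
 * -1 means "leave unchanged". Returns 0 on success, -1 for EPERM. */
int model_setreuid(struct cred *c, int ruid, int euid)
{
    int old_ruid = c->ruid;
    if (c->euid != 0) {  /* unprivileged: only shuffle IDs already held */
        if (ruid != -1 && ruid != c->ruid && ruid != c->euid) return -1;
        if (euid != -1 && euid != c->ruid && euid != c->euid && euid != c->svuid) return -1;
    }
    if (ruid != -1) c->ruid = ruid;
    if (euid != -1) c->euid = euid;
    /* Saved ID follows the new effective ID when the real ID was set, or
     * the effective ID was set to something other than the old real ID. */
    if (ruid != -1 || (euid != -1 && euid != old_ruid)) c->svuid = c->euid;
    return 0;
}

/* What a library sees if it asks "who invoked us?" via getuid(). */
int model_getuid(const struct cred *c) { return c->ruid; }

/* History A: user 1000 runs a set-uid-root binary, which swaps its IDs. */
struct cred history_suid_swap(void)
{
    struct cred c = { 1000, 0, 0 };
    model_setreuid(&c, c.euid, c.ruid);
    return c;
}

/* History B: root runs an ordinary binary that lowers only its effective ID. */
struct cred history_root_drop(void)
{
    struct cred c = { 0, 0, 0 };
    model_setreuid(&c, -1, 1000);
    return c;
}

int main(void)
{
    struct cred a = history_suid_swap(), b = history_root_drop();
    printf("A: ruid=%d euid=%d svuid=%d\n", a.ruid, a.euid, a.svuid);
    printf("B: ruid=%d euid=%d svuid=%d\n", b.ruid, b.euid, b.svuid);
    return 0;
}
```

Both histories end with identical credentials, so a library routine that inspects only the IDs cannot distinguish a set-uid program run by user 1000 from a program run by root.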