On 11/15/2011 09:59 AM, Paul Eggert wrote:
> On 11/15/11 05:07, Ludovic Courtès wrote:
> 
>> On GNU/Hurd, no error would ever be raised (since uid_t is unsigned),
> 
> Ouch.  Thanks, now I understand Roland's suggestion.
> How about this patch instead?

>    else
>      {
> +      /* POSIX says getuid etc. cannot fail, but they can fail under
> +         GNU/Hurd and a few other systems.  Test for failure by
> +         checking errno.  */
> +      uid_t NO_UID = -1;
> +      gid_t NO_GID = -1;
> +
> +      errno = 0;
>        euid = geteuid ();
> -      if (GETID_MAY_FAIL && euid == -1 && !use_real
> +      if (euid == NO_UID && errno && !use_real
>            && !just_group && !just_group_list && !just_context)
>          error (EXIT_FAILURE, errno, _("cannot get effective UID"));
> 
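
Review bot: In the new test `euid == NO_UID && errno`, the only thing separating a real failure from a legitimate ID equal to (uid_t) -1 is that errno is still 0 after a successful geteuid (), so the `errno = 0;` reset has to sit immediately before every ID call checked this way. The hunk shows the reset only before geteuid (), and NO_GID is declared but not used in the visible lines, so the corresponding gid checks should be confirmed to get their own reset right before the call. The comment would also be clearer if it said why errno is consulted (with an unsigned uid_t, -1 is an in-band value), and NO_UID and NO_GID could be declared const, since the upper-case names otherwise read as macros.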

Still debatable.  POSIX explicitly states that the condition of errno
after a successful call to a standardized function is unspecified; that
is, a successful geteuid() may pollute errno, but it's okay, because the
user shouldn't be inspecting errno after geteuid().

It might be worth proposing a change to POSIX to require that geteuid()
and friends leave errno unchanged on success (in order to allow for the
GNU extension of setting errno on failure, even though POSIX did not
reserve a specific value for failure); I'll pursue that course.

But I like this version better than any previous one about trying to
reject result < 0.

-- 
Eric Blake   ebl...@redhat.com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
