On Mon, Mar 24, 2014 at 03:19:59PM +0000, Joseph S. Myers wrote:
> On Mon, 24 Mar 2014, Florian Weimer wrote:
>
> > Check for syscall error in the SETXID implementation in NPTL (bug 13347).
> > At this point, we can only abort the process because we have already switched
> > credentials on other threads. Returning an error would still leave the
> > process in an inconsistent state.
>
> This may be the best possible in the absence of a kernel interface for
> setting ids atomically for the whole process, but such an interface would
> be the desired long-term fix, with aborting from the present code just a
> fallback - is there ongoing work to agree such an interface?

Are you sure you can't make it so that all setuid calls but the first
can't fail?
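
The inconsistent state discussed in this thread is observable on Linux, where the kernel keeps credentials per thread. The C check below is an added example, not code from glibc or from anyone in the thread; it compares the `Uid:` and `Gid:` lines of every `/proc/self/task/<tid>/status`, and the function names are hypothetical.

```c
#include <dirent.h>
#include <stdio.h>
#include <string.h>

/* Copy the "Uid:" and "Gid:" lines of one task's status file into out.
   Returns 0 on success, -1 if the file cannot be read (thread exited). */
static int read_task_ids(const char *tid, char *out, size_t outlen)
{
    char path[300], line[256];
    snprintf(path, sizeof path, "/proc/self/task/%s/status", tid);
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    out[0] = '\0';
    while (fgets(line, sizeof line, f))
        if (!strncmp(line, "Uid:", 4) || !strncmp(line, "Gid:", 4))
            strncat(out, line, outlen - strlen(out) - 1);
    fclose(f);
    return out[0] ? 0 : -1;
}

/* 1: every thread has the same real/effective/saved/fs uid and gid,
   0: at least one thread differs, -1: /proc could not be read. */
int thread_creds_consistent(void)
{
    char first[512] = "", cur[512];
    int seen = 0, ok = 1;
    DIR *d = opendir("/proc/self/task");
    if (!d)
        return -1;
    for (struct dirent *e; (e = readdir(d)) != NULL; ) {
        if (e->d_name[0] == '.')
            continue;               /* skip "." and ".." */
        if (read_task_ids(e->d_name, cur, sizeof cur) != 0)
            continue;               /* thread exited while we were scanning */
        if (!seen++)
            strcpy(first, cur);     /* first thread is the reference */
        else if (strcmp(first, cur) != 0)
            ok = 0;                 /* a thread kept different ids */
    }
    closedir(d);
    return seen ? ok : -1;
}

int main(void)
{
    int r = thread_creds_consistent();
    printf("per-thread credentials consistent: %d\n", r);
    return r == 1 ? 0 : 1;
}
```

The result is a snapshot: a set*id broadcast that is still in progress on another thread can make it report 0 transiently.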