From 1576d5822eea6a740b4bb26a2709c4ace248006e Mon Sep 17 00:00:00 2001
From: Mathieu Desnoyers
Date: Wed, 21 Dec 2011 10:42:51 -0500
Subject: [PATCH] Only seteuid/setegid if they differ from current values

According to seteuid(2):

According to POSIX.1, seteuid() (setegid()) need not permit euid (egid) to be the same value as the current effective user (group) ID, and some implementations do not permit this.

Signed-off-by: Mathieu Desnoyers
---
 librunas/runas.c | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/librunas/runas.c b/librunas/runas.c
index cbb70ee19..1fc411625 100644
--- a/librunas/runas.c
+++ b/librunas/runas.c
@@ -148,15 +148,19 @@ int child_run_as(void *_data)
 * cannot attach to this process with, e.g. ptrace, nor map this
 * process memory.
 */
- ret = setegid(data->gid);
- if (ret < 0) {
- perror("setegid");
- exit(EXIT_FAILURE);
+ if (data->gid != getegid()) {
+ ret = setegid(data->gid);
+ if (ret < 0) {
+ perror("setegid");
+ exit(EXIT_FAILURE);
+ }
 }
- ret = seteuid(data->uid);
- if (ret < 0) {
- perror("seteuid");
- exit(EXIT_FAILURE);
+ if (data->uid != geteuid()) {
+ ret = seteuid(data->uid);
+ if (ret < 0) {
+ perror("seteuid");
+ exit(EXIT_FAILURE);
+ }
 }
 /*
 * Also set umask to 0 for mkdir executable bit.
--
2.34.1
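Review bot: The reason for the two new guards `if (data->gid != getegid())` and `if (data->uid != geteuid())` is stated only in the commit message, so a later reader will read them as an optimisation and may fold them away; a short comment above the first guard is warranted, e.g. `/* POSIX.1 allows setegid()/seteuid() to fail when the ID is unchanged, so only call them when they would actually change something. */`. The surrounding comment's guarantee (other users cannot ptrace or map this process) depends on the drop actually taking effect, and neither branch re-checks the resulting IDs; a post-condition after the second guard, `if (geteuid() != data->uid || getegid() != data->gid) { fprintf(stderr, "privilege drop failed\n"); exit(EXIT_FAILURE); }`, would catch a silent failure the return-value checks alone miss (CERT POS37-C). Note also that only the effective IDs are compared and set here, so if the real or saved IDs differ from data->uid/data->gid that privilege presumably remains recoverable — pre-existing behaviour, not introduced by this hunk, but worth a sentence in that comment. child_run_as begins before and continues past the hunk.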