In article <19990727014200.A23023@marvin.ece.utexas.edu>,
Brian C. Grayson <bgrayson@marvin.ece.utexas.edu> wrote:
>
>  Would it make sense to weaken the set*id() calls to the
>following:
>
>  If uid (of the mount_portal child) == 0, lower our credentials
>    (including setgroups()) to those of the calling process,
>    i.e., use the code as it is.
>  Else, if uid of the mount_portal child match uid of the calling
>    process, and gid of the mount_portal child is contained in the
>    calling process' pcr_groups, then simply continue (skip
>    seteuid, setgroups, and setegid calls).

That looks right to me.

christos