Subject: Re: commoning up code that changes uids and gids
To: David Laight <david@l8s.co.uk>
From: Luke Mewburn <lukem@netbsd.org>
List: tech-kern
Date: 03/04/2003 15:17:31

On Mon, Mar 03, 2003 at 10:25:56PM +0000, David Laight wrote:
  | Currently the tests for the legality of setuid and setgid calls are
  | repeated in each of the functions that can set new values, as is any
  | ancillary action that must be done in order to keep the data structures
  | consistent (e.g. the chgproccnt() calls).
  | 
  | The change below uses two 'helper' functions do_setres{u,g}id to
  | perform the actual change, allowing the individual system calls to
  | just specify any restrictions on the legal changes.
  | (non-superuser can never introduce a value that isn't the real,
  | effective or saved one).
  | 
  | This also stops the 'compat' functions getting out of step with
  | any future changes.

This looks good in principle.

A couple of comments:

    *	Why not add setresuid() and setresgid() system calls?
	Other systems (hp-ux, linux (?), etc) have them, and they
	could be useful here too?
	Maybe the "kernel style" / "standard" gurus have comments
	on this one.

    *	I think you missed some compat cases, including compat/hpux.


Luke.
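
The helper pattern discussed in this thread, as an added example that is not the patch or NetBSD code: a user-space C model in which one function enforces the "real, effective or saved" rule and the per-call wrappers only name the ids they change. All names (`cred_model`, `model_setresuid`, `NOCHANGE`) and the simplified call semantics are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical user-space model of a process's uids (not the kernel's struct). */
struct cred_model { uid_t ruid, euid, svuid; };

#define NOCHANGE ((uid_t)-1)            /* "leave this id alone" */

/* The rule from the mail: an unprivileged caller may only introduce a
 * value that is already its real, effective or saved uid. */
static int uid_allowed(const struct cred_model *c, uid_t id)
{
    return id == NOCHANGE || id == c->ruid || id == c->euid || id == c->svuid;
}

/* One helper does every check, then commits; nothing changes on failure. */
int model_setresuid(struct cred_model *c, uid_t r, uid_t e, uid_t sv)
{
    if (c->euid != 0 &&
        !(uid_allowed(c, r) && uid_allowed(c, e) && uid_allowed(c, sv)))
        return EPERM;
    if (r != NOCHANGE)  c->ruid = r;
    if (e != NOCHANGE)  c->euid = e;
    if (sv != NOCHANGE) c->svuid = sv;
    return 0;
}

/* Thin callers only say which ids they touch (simplified semantics). */
int model_seteuid(struct cred_model *c, uid_t e)
{
    return model_setresuid(c, NOCHANGE, e, NOCHANGE);
}

int model_setuid(struct cred_model *c, uid_t u)
{
    return model_setresuid(c, u, u, u);
}

int main(void)
{
    struct cred_model c = { 1000, 0, 0 };   /* constructed: set-uid-root start */
    printf("temporary drop: %d\n", model_seteuid(&c, 1000));
    printf("regain via saved uid: %d\n", model_seteuid(&c, 0));
    printf("permanent drop: %d\n", model_setuid(&c, 1000));
    printf("regain after permanent drop: %d\n", model_seteuid(&c, 0));
    return 0;
}
```

Because the check lives in one place, a compat entry point written as another thin wrapper inherits the same rule instead of carrying its own copy.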