setuid.2: Error checking should always be performed, even when caller is UID 0

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-05-14 14:15:56 +02:00 · 2014-05-14 14:15:56 +02:00 · 7d8d165a4b
parent c4fe0edf5c
commit 7d8d165a4b
1 changed files with 7 additions and 0 deletions
--- a/man2/setuid.2
+++ b/man2/setuid.2
@ -72,6 +72,13 @@ On success, zero is returned.
 On error, \-1 is returned, and
 .I errno
 is set appropriately.
+
+.IR Note :
+there are cases where
+.BR setuid ()
+can fail even when the caller is UID 0;
+it is a grave security error to omit checking for a faulure return from
+.BR setuid ().
 .SH ERRORS
 .TP
 .B EAGAIN