From f673b7832101686c3cbbec2c372eab441ca2fbd6 Mon Sep 17 00:00:00 2001
From: Michael Kerrisk <mtk.manpages@gmail.com>
Date: Wed, 14 May 2014 14:17:36 +0200
Subject: [PATCH] setresuid.2: Error checking should always be performed, even
 when caller is UID 0

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
---
 man2/setresuid.2 | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/man2/setresuid.2 b/man2/setresuid.2
index e9d004273..f0482cd60 100644
--- a/man2/setresuid.2
+++ b/man2/setresuid.2
@@ -66,6 +66,13 @@ On success, zero is returned.
 On error, \-1 is returned, and
 .I errno
 is set appropriately.
+
+.IR Note :
+there are cases where
+.BR setresuid ()
+can fail even when the caller is UID 0;
+it is a grave security error to omit checking for a faulure return from
+.BR setresuid ().
 .SH ERRORS
 .TP
 .B EAGAIN