* Use setreuid if setresuid is not available.

configure.ac

@@ -238,11 +238,15 @@ AM_CONDITIONAL(INIT_STATE, test "$init_state" = "yes")
 
 # Setuid installations.
 AC_CHECK_FUNC(setresuid, [HAVE_SETRESUID=1], [HAVE_SETRESUID=])
-AM_CONDITIONAL(HAVE_SETRESUID, test "$HAVE_SETRESUID" = "1")
 if test "$HAVE_SETRESUID" = "1"; then
     AC_DEFINE(HAVE_SETRESUID, 1, [whether we have setresuid()])
 fi
 
+AC_CHECK_FUNC(setreuid, [HAVE_SETREUID=1], [HAVE_SETREUID=])
+if test "$HAVE_SETREUID" = "1"; then
+    AC_DEFINE(HAVE_SETREUID, 1, [whether we have setreuid()])
+fi
+
 
 # This is needed if ATerm, Berkeley DB or bzip2 are static libraries,
 # and the Nix libraries are dynamic.

src/libmain/shared.cc

@@ -244,13 +244,19 @@ static void setuidInit()
        could also modify the Nix executables (say, replace them by a
        Trojan horse), so the problem is already there. */
 
-#if HAVE_SETRESUID
+#if 0 && HAVE_SETRESUID
-    setresuid(nixUid, nixUid, nixUid);
+    if (setresuid(nixUid, nixUid, nixUid)) abort();
-    setresgid(nixGid, nixGid, nixGid);
+    if (setresgid(nixGid, nixGid, nixGid)) abort();
-#else
+#elif HAVE_SETREUID
     /* Note: doesn't set saved uid/gid! */
-    setuid(nixUid);
+    fprintf(stderr, "warning: cannot set saved uid\n");
-    setgid(nixGid);
+    if (setreuid(nixUid, nixUid)) abort();
+    if (setregid(nixGid, nixGid)) abort();
+#else
+    /* Note: doesn't set real and saved uid/gid! */
+    fprintf(stderr, "warning: cannot set real and saved uids\n");
+    if (setuid(nixUid)) abort();
+    if (setgid(nixGid)) abort();
 #endif
 }