rundir-helper: unclear permissions checking in main() vs. xdg_compat_set_euser()
main() of "rundir-helper.c" checks if the option "--as-system" has been given; if yes, effective instead of real UIDs are used for directory checking and manipulation. The function main() also checks if the executing (real) user has the permission to use the "--as-system" option. The function xdg_compat_set_euser() afterwards implements three different setups of EUID/EGID: (1) normal mode of operation, (2) run entirely as executing user (option --as-user given), (3) run entirely as system service user (option --as-system given).
The implementation of the different possible EUID/EGID setups described above is ugly, as it spreads permissions checking out between main() and xdg_compat_set_euser(). Also, the use of "ruid" and "rgid" for values that really are EUIDs and EGIDs when the "--as-system" option is given is confusing.
The relevant permissions check has been moved to a more prominent position in
xdg_compat_set_euser() still performs some checking, but it's essentially redundant, does not fully apply (because it relies on geteuid(), which could be too late) and will be deleted; it is entirely up to the caller to ensure the integrity of (E|R)UID and (E|R)GID, and the documentation should be updated to clearly state so.
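
An added sketch (not code from rundir-helper.c) of the arrangement discussed above: the real and effective IDs are captured once at startup, and a single function both authorizes "--as-system" and selects the identities, so nothing depends on a later geteuid() call. All type and function names, the meaning given to normal mode, and the boolean standing in for the project's permission check are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* All names here are hypothetical; none come from rundir-helper.c. */
enum run_mode { MODE_NORMAL, MODE_AS_USER, MODE_AS_SYSTEM };

/* IDs captured once at startup, before any set*id() call. */
struct start_ids { uid_t ruid, euid; gid_t rgid, egid; };

/* check_*: identity used for directory checking and manipulation.
 * run_e*:  EUID/EGID the process should run with. */
struct id_plan { uid_t check_uid, run_euid; gid_t check_gid, run_egid; };

/* Single decision point: authorizes --as-system and selects identities.
 * may_use_as_system stands in for the project's permission check on the
 * real user. Returns 0 on success, -1 on refusal (*out left untouched). */
int resolve_ids(enum run_mode mode, const struct start_ids *s,
                bool may_use_as_system, struct id_plan *out)
{
    switch (mode) {
    case MODE_NORMAL:    /* assumed: check as real user, run with start EUID */
        *out = (struct id_plan){ .check_uid = s->ruid, .run_euid = s->euid,
                                 .check_gid = s->rgid, .run_egid = s->egid };
        return 0;
    case MODE_AS_USER:   /* run entirely as executing user */
        *out = (struct id_plan){ .check_uid = s->ruid, .run_euid = s->ruid,
                                 .check_gid = s->rgid, .run_egid = s->rgid };
        return 0;
    case MODE_AS_SYSTEM: /* run entirely as system service user */
        if (!may_use_as_system)
            return -1;
        *out = (struct id_plan){ .check_uid = s->euid, .run_euid = s->euid,
                                 .check_gid = s->egid, .run_egid = s->egid };
        return 0;
    }
    return -1;
}

int main(void)
{
    struct start_ids s = { getuid(), geteuid(), getgid(), getegid() };
    struct id_plan p;
    /* Constructed call: --as-system requested, real user not authorized. */
    int rc = resolve_ids(MODE_AS_SYSTEM, &s, false, &p);
    printf("--as-system without permission: %s\n", rc ? "refused" : "allowed");
    return rc == -1 ? 0 : 1;
}
```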