From d0ffbae00c2a82a93b0d472cd54fdf0df0de3f63 Mon Sep 17 00:00:00 2001
From: cgd <cgd@NetBSD.org>
Date: Sun, 23 Jan 1994 06:31:35 +0000
Subject: [PATCH] mixing setreuid and seteuid can really screw you, in terms of
 security

---
 usr.bin/rdist/docmd.c | 6 +++---
 usr.bin/rdist/main.c  | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/usr.bin/rdist/docmd.c b/usr.bin/rdist/docmd.c
index f7668855f6d4..e96ee6c027c8 100644
--- a/usr.bin/rdist/docmd.c
+++ b/usr.bin/rdist/docmd.c
@@ -33,7 +33,7 @@
 
 #ifndef lint
 /*static char sccsid[] = "from: @(#)docmd.c	5.8 (Berkeley) 3/1/91";*/
-static char rcsid[] = "$Id: docmd.c,v 1.4 1993/12/04 02:11:29 jtc Exp $";
+static char rcsid[] = "$Id: docmd.c,v 1.5 1994/01/23 06:31:35 cgd Exp $";
 #endif /* not lint */
 
 #include "defs.h"
@@ -236,9 +236,9 @@ makeconn(rhost)
 	}
 
 	fflush(stdout);
-	setreuid(userid, 0);
+	seteuid(0);
 	rem = rcmd(&rhost, port, user, ruser, buf, 0);
-	setreuid(0, userid);
+	seteuid(userid);
 	if (rem < 0)
 		return(0);
 	cp = buf;
diff --git a/usr.bin/rdist/main.c b/usr.bin/rdist/main.c
index 2cac4eb572cd..d01775a0dfcd 100644
--- a/usr.bin/rdist/main.c
+++ b/usr.bin/rdist/main.c
@@ -39,7 +39,7 @@ char copyright[] =
 
 #ifndef lint
 /*static char sccsid[] = "from: @(#)main.c	5.6 (Berkeley) 8/27/90";*/
-static char rcsid[] = "$Id: main.c,v 1.2 1993/08/01 18:09:42 mycroft Exp $";
+static char rcsid[] = "$Id: main.c,v 1.3 1994/01/23 06:31:38 cgd Exp $";
 #endif /* not lint */
 
 #include "defs.h"
@@ -186,7 +186,7 @@ main(argc, argv)
 	}
 	*hp = NULL;
 
-	setreuid(0, userid);
+	seteuid(userid);
 	mktemp(tempfile);
 
 	if (iamremote) {