"context_0.uid_gid_set" has, since 2.1.3 (and probably earlier
versions), already been serving as a dedicated way of guarding
"do_uid_gid_chroot()" from executing the privilege-dropping area twice
(if you take "context.first_time" out of the way first and put
"first_time" checks on the calls [the ones outside of the "no_delay"
checks] that could be executed more than once, before "uid_gid_set" is
flipped to "true"). Unlike "context.first_time", it also only prevents
entering the entire block *after* initialization is done (connection
successful etc.) and the process has already dropped privileges (if
requested).

The "uid_gid_set" name is actually causing a small confusion here since
it might indicate that it's related *only* to UID/GID dropping (maybe
that was the initial intention), but the way it is used (and has been)
is more "do_uid_gid_chroot()" oriented overall - this is not a bad
thing, because it allows us to fix the issue.

While the patch is designed to only fix the problem, I was wondering
whether it wouldn't perhaps be better to rename "context_0.uid_gid_set"
to something more function-related like "context_0.uid_gid_chroot_set",
to make it more obvious for people who look at the code in the future
that this member is actually meant for the function in general, not
only a certain part of it (UID/GID).

Lukasz K.
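
Added example, not part of the original message and not OpenVPN's code: a simplified C model of a guard flag that covers the whole chroot plus UID/GID drop, set only once the drop is no longer delayed. The struct, enum and function names are hypothetical; only the member name "uid_gid_chroot_set" is taken from the rename proposed above.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* exposes chroot() and setgroups() on glibc */
#endif
#include <grp.h>
#include <stdbool.h>
#include <unistd.h>

enum drop_result { DROP_ERROR = -1, DROP_SKIPPED, DROP_DELAYED, DROP_DONE };

/* Hypothetical context, not OpenVPN's struct context_0. */
struct drop_ctx {
    const char *chroot_dir;   /* NULL: no chroot requested */
    bool uid_gid_specified;   /* false: keep current user and group */
    uid_t uid;
    gid_t gid;
    bool uid_gid_chroot_set;  /* guards the whole function, not only UID/GID */
};

/* Drop privileges at most once per process. no_delay is false while
 * initialization is still in progress and the drop has to wait. */
enum drop_result drop_privileges_once(struct drop_ctx *c, bool no_delay)
{
    if (c->uid_gid_chroot_set)
        return DROP_SKIPPED;      /* already done: never re-enter the block */
    if (!no_delay)
        return DROP_DELAYED;      /* guard stays clear so a later call works */
    /* chroot needs root, so it runs before the IDs change. */
    if (c->chroot_dir && (chroot(c->chroot_dir) != 0 || chdir("/") != 0))
        return DROP_ERROR;
    if (c->uid_gid_specified) {
        /* Supplementary groups first, then GID, UID last (needs root). */
        if (setgroups(1, &c->gid) != 0 || setgid(c->gid) != 0
            || setuid(c->uid) != 0)
            return DROP_ERROR;
        /* Regaining root must fail after a drop to a non-root UID. */
        if (c->uid != 0 && setuid(0) == 0)
            return DROP_ERROR;
    }
    c->uid_gid_chroot_set = true; /* set even when nothing was requested */
    return DROP_DONE;
}

int main(void)
{
    struct drop_ctx c = { 0 };            /* constructed: nothing requested */
    drop_privileges_once(&c, false);      /* delayed, guard still clear */
    drop_privileges_once(&c, true);       /* done, guard set */
    return drop_privileges_once(&c, true) == DROP_SKIPPED ? 0 : 1;
}
```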
