From adc416e922f98b4b52093f26c91216e3b4106f3d Mon Sep 17 00:00:00 2001
From: Brent Cook <bcook@openbsd.org>
Date: Mon, 16 Feb 2015 22:19:01 -0600
Subject: remove getuid/getgid fallbacks from hp-ux issetugid emulation

Fail closed if we cannot obtain the process flags. Noticed while looking
at a similar function for AIX.
---
 crypto/compat/issetugid_hpux.c | 21 ++++++---------------
 1 file changed, 6 insertions(+), 15 deletions(-)

diff --git a/crypto/compat/issetugid_hpux.c b/crypto/compat/issetugid_hpux.c
index 73def9b..ca0e42c 100644
--- a/crypto/compat/issetugid_hpux.c
+++ b/crypto/compat/issetugid_hpux.c
@@ -4,23 +4,14 @@
 
 /*
  * HP-UX does not have issetugid().
- * This experimental implementation uses pstat_getproc() and get*id().
- * First, try pstat_getproc() and check PS_CHANGEDPRIV bit of pst_flag. 
- * In case unsuccessful calling pstat_getproc(), using get*id().
- *
+ * Use pstat_getproc() and check PS_CHANGEDPRIV bit of pst_flag. If this call
+ * cannot be used, assume we must be running in a privileged environment.
  */
 int issetugid(void)
 {
 	struct pst_status buf;
-	if(pstat_getproc(&buf, sizeof(buf), 0, getpid()) != 1) {
-	    perror("pstat_getproc()");
-	} else {
-	    if(buf.pst_flag & PS_CHANGEDPRIV)
-		return 1;
-	}
-	if(getuid() != geteuid())
-	    return 1;
-	if(getgid() != getegid())
-	    return 1;
-	return 0;
+	if (pstat_getproc(&buf, sizeof(buf), 0, getpid()) == 1 &&
+	    !(buf.pst_flag & PS_CHANGEDPRIV))
+		return 0;
+	return 1;
 }
-- 
cgit v1.2.3-55-g6feb