From 3b08765c1db4dd8e8ab46128bbff676a8b4e2ede Mon Sep 17 00:00:00 2001
From: millert <millert@openbsd.org>
Date: Tue, 6 May 2003 15:34:08 +0000
Subject: [PATCH] Don't call setusercontext() to change uid unless uid == 0;
 found by mpech@

---
 usr.bin/skeyaudit/skeyaudit.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/usr.bin/skeyaudit/skeyaudit.c b/usr.bin/skeyaudit/skeyaudit.c
index e5d668a530b..2adc7b5981f 100644
--- a/usr.bin/skeyaudit/skeyaudit.c
+++ b/usr.bin/skeyaudit/skeyaudit.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: skeyaudit.c,v 1.18 2003/05/06 10:45:49 mpech Exp $	*/
+/*	$OpenBSD: skeyaudit.c,v 1.19 2003/05/06 15:34:08 millert Exp $	*/
 
 /*
  * Copyright (c) 1997, 2000, 2003 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -209,7 +209,8 @@ runsendmail(struct passwd *pw, pid_t *pidp)
 		(void)close(pfd[0]);
 
 		/* Run sendmail as target user not root */
-		if (setusercontext(NULL, pw, pw->pw_uid, LOGIN_SETALL) != 0) {
+		if (getuid() == 0 &&
+		    setusercontext(NULL, pw, pw->pw_uid, LOGIN_SETALL) != 0) {
 			warn("cannot set user context");
 			_exit(127);
 		}