From cb52b51422c1ded9089ecfd5a54fab7c34f793e3 Mon Sep 17 00:00:00 2001
From: Dan Gohman <dev@sunfishcode.online>
Date: Wed, 10 Jan 2024 22:48:19 -0800
Subject: [PATCH 1/2] Organize `set*id` functions into their own todo module.

---
 c-scape/src/process/egid.rs |  6 ------
 c-scape/src/process/euid.rs |  6 ------
 c-scape/src/process/gid.rs  | 10 ----------
 c-scape/src/process/uid.rs  | 10 ----------
 c-scape/src/todo.rs         | 17 +---------------
 c-scape/src/todo/set_id.rs  | 40 +++++++++++++++++++++++++++++++++++++
 6 files changed, 41 insertions(+), 48 deletions(-)
 create mode 100644 c-scape/src/todo/set_id.rs

diff --git a/c-scape/src/process/egid.rs b/c-scape/src/process/egid.rs
index 7e62659..db875b9 100644
--- a/c-scape/src/process/egid.rs
+++ b/c-scape/src/process/egid.rs
@@ -5,9 +5,3 @@ unsafe extern "C" fn getegid() -> gid_t {
     libc!(libc::getegid());
     rustix::process::getegid().as_raw()
 }
-
-#[no_mangle]
-unsafe extern "C" fn setegid(_gid: gid_t) -> c_int {
-    libc!(libc::setegid(_gid));
-    todo!("setegid")
-}
diff --git a/c-scape/src/process/euid.rs b/c-scape/src/process/euid.rs
index 41fbe67..55ba568 100644
--- a/c-scape/src/process/euid.rs
+++ b/c-scape/src/process/euid.rs
@@ -5,9 +5,3 @@ unsafe extern "C" fn geteuid() -> uid_t {
     libc!(libc::geteuid());
     rustix::process::geteuid().as_raw()
 }
-
-#[no_mangle]
-unsafe extern "C" fn seteuid(_uid: uid_t) -> c_int {
-    libc!(libc::seteuid(_uid));
-    todo!("seteuid")
-}
diff --git a/c-scape/src/process/gid.rs b/c-scape/src/process/gid.rs
index d69f587..dde5745 100644
--- a/c-scape/src/process/gid.rs
+++ b/c-scape/src/process/gid.rs
@@ -5,13 +5,3 @@ unsafe extern "C" fn getgid() -> gid_t {
     libc!(libc::getgid());
     rustix::process::getgid().as_raw()
 }
-
-#[no_mangle]
-unsafe extern "C" fn setgid(_gid: gid_t) -> c_int {
-    libc!(libc::setgid(_gid));
-
-    // rustix has a `set_thread_gid` function, but it just wraps the Linux
-    // syscall which sets a per-thread GID rather than the whole process GID.
-    // Linux expects libc's to have logic to set the GID for all the threads.
-    todo!("setgid")
-}
diff --git a/c-scape/src/process/uid.rs b/c-scape/src/process/uid.rs
index 89a52d7..854a169 100644
--- a/c-scape/src/process/uid.rs
+++ b/c-scape/src/process/uid.rs
@@ -5,13 +5,3 @@ unsafe extern "C" fn getuid() -> uid_t {
     libc!(libc::getuid());
     rustix::process::getuid().as_raw()
 }
-
-#[no_mangle]
-unsafe extern "C" fn setuid(uid: uid_t) -> c_int {
-    libc!(libc::setuid(uid));
-
-    // rustix has a `set_thread_uid` function, but it just wraps the Linux
-    // syscall which sets a per-thread UID rather than the whole process UID.
-    // Linux expects libc's to have logic to set the UID for all the threads.
-    todo!("setuid")
-}
diff --git a/c-scape/src/todo.rs b/c-scape/src/todo.rs
index 2a891db..06a8bb6 100644
--- a/c-scape/src/todo.rs
+++ b/c-scape/src/todo.rs
@@ -11,6 +11,7 @@ mod long_double;
 mod long_double_complex;
 mod pthread_cancel;
 mod pthread_spin;
+mod set_id;
 mod sysv;
 mod wchar;
 
@@ -838,14 +839,6 @@ unsafe extern "C" fn __isoc99_vsscanf() {
     todo!("__isoc99_vsscanf")
 }
 #[no_mangle]
-unsafe extern "C" fn setregid() {
-    todo!("setregid")
-}
-#[no_mangle]
-unsafe extern "C" fn setreuid() {
-    todo!("setreuid")
-}
-#[no_mangle]
 unsafe extern "C" fn times() {
     todo!("times")
 }
@@ -926,14 +919,6 @@ unsafe extern "C" fn setns() {
     todo!("setns")
 }
 #[no_mangle]
-unsafe extern "C" fn setresgid() {
-    todo!("setresgid")
-}
-#[no_mangle]
-unsafe extern "C" fn setresuid() {
-    todo!("setresuid")
-}
-#[no_mangle]
 unsafe extern "C" fn mq_close() {
     todo!("mq_close")
 }
diff --git a/c-scape/src/todo/set_id.rs b/c-scape/src/todo/set_id.rs
new file mode 100644
index 0000000..6ebd944
--- /dev/null
+++ b/c-scape/src/todo/set_id.rs
@@ -0,0 +1,40 @@
+//! Linux's system calls for these functions only set the IDs for one thread,
+//! and we need to set the IDs for all threads in a process.
+//!
+//! This would typically entail taking a lock that prevents thread creation,
+//! setting the IDs for each thread manually by sending signals to them and
+//! having signal handlers that perform the set operation, waitinig for all
+//! the handlers to run, and then releasing the lock.
+
+#[no_mangle]
+unsafe extern "C" fn setuid() {
+    todo!("setuid")
+}
+#[no_mangle]
+unsafe extern "C" fn setgid() {
+    todo!("setgid")
+}
+#[no_mangle]
+unsafe extern "C" fn seteuid() {
+    todo!("seteuid")
+}
+#[no_mangle]
+unsafe extern "C" fn setegid() {
+    todo!("setegid")
+}
+#[no_mangle]
+unsafe extern "C" fn setreuid() {
+    todo!("setreuid")
+}
+#[no_mangle]
+unsafe extern "C" fn setregid() {
+    todo!("setregid")
+}
+#[no_mangle]
+unsafe extern "C" fn setresuid() {
+    todo!("setresuid")
+}
+#[no_mangle]
+unsafe extern "C" fn setresgid() {
+    todo!("setresgid")
+}

From 525baadd81c424af68dcc8529f07bc0e13a2c3a5 Mon Sep 17 00:00:00 2001
From: Dan Gohman <dev@sunfishcode.online>
Date: Wed, 10 Jan 2024 22:54:06 -0800
Subject: [PATCH 2/2] Leave `setuid` and `setgid` outside of the todo module.

They're depended on by libstd.
---
 c-scape/src/process/egid.rs |  2 +-
 c-scape/src/process/euid.rs |  2 +-
 c-scape/src/process/gid.rs  | 10 ++++++++++
 c-scape/src/process/uid.rs  | 10 ++++++++++
 c-scape/src/todo/set_id.rs  |  8 --------
 5 files changed, 22 insertions(+), 10 deletions(-)

diff --git a/c-scape/src/process/egid.rs b/c-scape/src/process/egid.rs
index db875b9..8c02706 100644
--- a/c-scape/src/process/egid.rs
+++ b/c-scape/src/process/egid.rs
@@ -1,4 +1,4 @@
-use libc::{c_int, gid_t};
+use libc::gid_t;
 
 #[no_mangle]
 unsafe extern "C" fn getegid() -> gid_t {
diff --git a/c-scape/src/process/euid.rs b/c-scape/src/process/euid.rs
index 55ba568..70bda0f 100644
--- a/c-scape/src/process/euid.rs
+++ b/c-scape/src/process/euid.rs
@@ -1,4 +1,4 @@
-use libc::{c_int, uid_t};
+use libc::uid_t;
 
 #[no_mangle]
 unsafe extern "C" fn geteuid() -> uid_t {
diff --git a/c-scape/src/process/gid.rs b/c-scape/src/process/gid.rs
index dde5745..d69f587 100644
--- a/c-scape/src/process/gid.rs
+++ b/c-scape/src/process/gid.rs
@@ -5,3 +5,13 @@ unsafe extern "C" fn getgid() -> gid_t {
     libc!(libc::getgid());
     rustix::process::getgid().as_raw()
 }
+
+#[no_mangle]
+unsafe extern "C" fn setgid(_gid: gid_t) -> c_int {
+    libc!(libc::setgid(_gid));
+
+    // rustix has a `set_thread_gid` function, but it just wraps the Linux
+    // syscall which sets a per-thread GID rather than the whole process GID.
+    // Linux expects libc's to have logic to set the GID for all the threads.
+    todo!("setgid")
+}
diff --git a/c-scape/src/process/uid.rs b/c-scape/src/process/uid.rs
index 854a169..89a52d7 100644
--- a/c-scape/src/process/uid.rs
+++ b/c-scape/src/process/uid.rs
@@ -5,3 +5,13 @@ unsafe extern "C" fn getuid() -> uid_t {
     libc!(libc::getuid());
     rustix::process::getuid().as_raw()
 }
+
+#[no_mangle]
+unsafe extern "C" fn setuid(uid: uid_t) -> c_int {
+    libc!(libc::setuid(uid));
+
+    // rustix has a `set_thread_uid` function, but it just wraps the Linux
+    // syscall which sets a per-thread UID rather than the whole process UID.
+    // Linux expects libc's to have logic to set the UID for all the threads.
+    todo!("setuid")
+}
diff --git a/c-scape/src/todo/set_id.rs b/c-scape/src/todo/set_id.rs
index 6ebd944..2dbe7cd 100644
--- a/c-scape/src/todo/set_id.rs
+++ b/c-scape/src/todo/set_id.rs
@@ -6,14 +6,6 @@
 //! having signal handlers that perform the set operation, waitinig for all
 //! the handlers to run, and then releasing the lock.
 
-#[no_mangle]
-unsafe extern "C" fn setuid() {
-    todo!("setuid")
-}
-#[no_mangle]
-unsafe extern "C" fn setgid() {
-    todo!("setgid")
-}
 #[no_mangle]
 unsafe extern "C" fn seteuid() {
     todo!("seteuid")