About `set_thread_res_uid` and Uid types

[rusty-snake]

Uid in rustix has a strange history of not liking the value -1. While it is nowadays sound (no unsafe) to create one, it is still incorrect.

At the same time the set_thread_res_uid takes three Uids that have a clear use of being -1 in this syscall interface.

It is possible to implement set_thread_euid like

set_thread_res_uid(
    Uid::from_raw_unchecked(-1_i32 as u32),
    euid,
    Uid::from_raw_unchecked(-1_i32 as u32),
)?;

this is

• ugly, complicated and long
• documented as being incorrect

So my suggestion is to change set_thread_res_uid to take three Option<Uid> in a semver compatible way.

[sunfishcode]

Good catch; I agree we should change set_thread_res_uid to take three Option<Uid>s, in a semver-compatible way, by deprecating the current function and adding a new function with a different name.

[rusty-snake]

I would just go with

fn set_thread_res_uid<R, E, S>(real: R, effective: E, saved_set: S)
where
    R: Into<Option<Uid>>,
    E: Into<Option<Uid>>,
    S: Into<Option<Uid>>,

This way you can keep passing a Uid directly without writing Some or passing None.

[rusty-snake]

The think is how do we want to implement?

1. set_thread_res_uid does Uid::from_raw_unchecked(-1_i32 as u32) and backend::setresuid_thread is unchanged.
2. set_thread_res_uid converts to RawUid and backend::setresuid_thread takes RawUid.
3. set_thread_res_uid converts to Option<Uid> and backend::setresuid_thread takes Option<Uid> and does Uid::from_raw_unchecked(-1_i32 as u32) or converts to RawUid.

[rusty-snake]

2. Doesn't sound funny with ArgReg

1. Still needs to exploit from_raw_unchecked(-1_i32 as u32)

So I would go with 3. and impl<'a, Num: ArgNumber> From<Option<Uid>> for ArgReg<'a, Num>