switch: please provide a graceful destructor for SwitchUserGuard #31
Description
Currently, the only way to revert the effects of a switch_user_group is to drop the returned SwitchUserGuard. However, Drop is not allowed to fail, so any internal failure directly translates to a panic:
impl Drop for SwitchUserGuard {
fn drop(&mut self) {
// Panic on error here, as failing to set values back
// is a possible security breach.
set_effective_uid(self.uid).unwrap();
set_effective_gid(self.gid).unwrap();
}
}As a consumer of this crate, I'd like to have a way to switch back to the original state (consuming the guard at the same time) and get back a Result to handle the error case as usual.
I guess the signature would be something like:
pub fn reset (self /* : SwitchUserGuard */) -> IOResult<()>