+ * Most calls to setreuid() are done in order to swap real and
+ * effective uids. In old versions of BSD, this was the only
+ * way to temporarily renounce privileges and be able to get
+ * them back. In the presence of the POSIX saved id, however,
+ * we can do this without modifying the real uid, which could have
+ * opened up a security hole. So, we implement this: when the user
+ * attempts to set its real uid, we just check to make sure
+ * that they will be able to seteuid() back to that id at some
+ * later time, but don't actually change the real uid.
+ * Logic taken from 4.4BSD.