Why is this an issue?
setuid
family of functions are used to change the user identity of the caller process in order to change privileges for the following
actions. If the function call returns with an error, the rest of the program will execute with unexpected privileges leading to unexpected
behaviour.
Noncompliant code example
void f() {
...
setuid(0); // Noncompliant
...
}
Compliant solution
void f() {
...
if (setuid(0)) {
// fail
}
...
}