git: c54d240eb1a0 - main - kern_prot.c p_candebug(): Remove single-use variable.

From: Pawel Jakub Dawidek <pjd_at_FreeBSD.org>
Date: Fri, 03 Feb 2023 01:00:39 UTC
The branch main has been updated by pjd:

URL: https://cgit.FreeBSD.org/src/commit/?id=c54d240eb1a0d23d2602ffb82d351cbfaaa94eae

commit c54d240eb1a0d23d2602ffb82d351cbfaaa94eae
Author:     Pawel Jakub Dawidek <pjd@FreeBSD.org>
AuthorDate: 2023-01-31 00:15:04 +0000
Commit:     Pawel Jakub Dawidek <pjd@FreeBSD.org>
CommitDate: 2023-02-03 01:00:24 +0000

    kern_prot.c p_candebug(): Remove single-use variable.
    
    Reviewed by:            allanjude, oshogbo
    Approved by:            allanjude, oshogbo
    Differential Revision:  https://reviews.freebsd.org/D38288
---
 sys/kern/kern_prot.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 942062756631..983e6ae21493 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -1682,7 +1682,7 @@ SYSCTL_PROC(_security_bsd, OID_AUTO, unprivileged_proc_debug,
 int
 p_candebug(struct thread *td, struct proc *p)
 {
-	int credentialchanged, error, grpsubset, i, uidsubset;
+	int error, grpsubset, i, uidsubset;
 
 	KASSERT(td == curthread, ("%s: td not curthread", __func__));
 	PROC_LOCK_ASSERT(p, MA_OWNED);
@@ -1724,11 +1724,6 @@ p_candebug(struct thread *td, struct proc *p)
 	    td->td_ucred->cr_uid == p->p_ucred->cr_svuid &&
 	    td->td_ucred->cr_uid == p->p_ucred->cr_ruid);
 
-	/*
-	 * Has the credential of the process changed since the last exec()?
-	 */
-	credentialchanged = (p->p_flag & P_SUGID);
-
 	/*
 	 * If p's gids aren't a subset, or the uids aren't a subset,
 	 * or the credential has changed, require appropriate privilege
@@ -1740,7 +1735,10 @@ p_candebug(struct thread *td, struct proc *p)
 			return (error);
 	}
 
-	if (credentialchanged) {
+	/*
+	 * Has the credential of the process changed since the last exec()?
+	 */
+	if ((p->p_flag & P_SUGID) != 0) {
 		error = priv_check(td, PRIV_DEBUG_SUGID);
 		if (error)
 			return (error);