The bug was:
if (getuid() == 0 || geteuid != 0)
Reasons it shouldn't have happened:
- Why can you compare pointers and integers without a compiler warning? (This actually surprises me: it appears to be true even in C++...?)
- Why does X run as root? (Even if it tries to drop privileges, this bug was in the startup code.) (I know the answer to this, but, sigh.)