We only set the real euid, not the effective one. This is not a security issue as this is *only* used in the quota code, and only between code that brackets it with save_re_uid()/restore_re_uid(), Also this is not used on most platforms (we use USE_SETREUID by preference) but it's better to have this right.
Patches for 3.6.next and 3.5.next to follow.
Created attachment 7694 [details]
git am fix that applies to 3.6.next and 3.5.next.
Re-assigning to Karolin for inclusion in 3.5.next and 3.6.next.
Pushed to v3-6-test and v3-5-test.
Closing out bug report.