Slight restructuring of the logic for credential change case identification

during execve() to use a 'credential_changing' variable.  This makes it
easier to have outstanding patchsets against this code, as well as to
add conditionally defined clauses.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs

sys/kern/kern_exec.c

@@ -145,6 +145,7 @@ execve(td, uap)
 	struct vnode *tracevp = NULL;
 #endif
 	struct vnode *textvp = NULL;
+	int credential_changing;
 
 	imgp = &image_params;
 
@@ -378,8 +379,13 @@ execve(td, uap)
 	 * the process is being traced.
 	 */
 	oldcred = p->p_ucred;
-	if ((((attr.va_mode & VSUID) && oldcred->cr_uid != attr.va_uid) ||
-	     ((attr.va_mode & VSGID) && oldcred->cr_gid != attr.va_gid)) &&
+	credential_changing = 0;
+	credential_changing |= (attr.va_mode & VSUID) && oldcred->cr_uid !=
+	    attr.va_uid;
+	credential_changing |= (attr.va_mode & VSGID) && oldcred->cr_gid !=
+	    attr.va_gid;
+
+	if (credential_changing &&
 	    (imgp->vp->v_mount->mnt_flag & MNT_NOSUID) == 0 &&
 	    (p->p_flag & P_TRACED) == 0) {
 		/*