Right now, whenever we need superuser privileges, we usually raise them for the scope of the whole phase function (pkg_*) or ebuild (RESTRICT=userpriv). Usually this is unnecessary, and sometimes it is highly undesirable.
So my idea is to run all phases with the build user privileges, and provide a new 'esudo' helper that would elevate privileges for a command/function call. Of course, this will require some fancy hackery to allow raising privileges. Commands called by ebuilds may be potentially capable of abusing this -- but well, the goal is to catch mistakes and not malice.
Usage could be like:
esudo [-u USER] [-g GROUP] [-G SUPPL_GROUPS] [-c CAPS] COMMAND...
1. -u sets the EUID to the given user, and the EGID to that user's primary group from passwd,
2. -g sets EGID to given group, possibly overriding (1),
3. -G sets list of supplementary groups,
4. -c tries to enable given capabilities. If capabilities are not supported, forces superuser instead,
5. If no options are passed, defaults to gaining superuser privileges.
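To make rules 1-5 concrete, here is a small Python model of the option semantics (an added example, not code from the proposal or from Portage). It resolves an esudo argument vector into a target identity and shows the order in which the resulting groups, gid and uid would have to be applied. The passwd and group tables are constructed for the example, the CAPS_SUPPORTED flag stands in for a real capability probe, and the -c fallback is read as "become uid 0, with the primary group left alone only when -g was given"; the apply step assumes the helper already runs with superuser privileges, since the proposal leaves the raising mechanism open.

```python
"""Model of the proposed esudo option handling (rules 1-5).

Added example: not part of the original proposal. The lookup tables below
are constructed; the escalation mechanism itself is not modelled."""
import os
import argparse
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed stand-ins for /etc/passwd and /etc/group.
PASSWD: Dict[str, Tuple[int, int]] = {   # name -> (uid, primary gid)
    "root": (0, 0),
    "portage": (250, 250),
    "nobody": (65534, 65534),
}
GROUP: Dict[str, int] = {"root": 0, "portage": 250, "wheel": 10, "video": 27}

# Assumption: a real helper would probe libcap once; the proposal says -c
# falls back to full superuser when capabilities are unavailable.
CAPS_SUPPORTED = False


@dataclass
class Identity:
    uid: int
    gid: int
    groups: List[int] = field(default_factory=list)   # supplementary groups
    caps: List[str] = field(default_factory=list)     # capabilities to enable
    superuser: bool = False


def resolve_identity(argv: List[str]) -> Tuple[Identity, List[str]]:
    """Apply rules 1-5 to an esudo argument vector; returns (identity, command)."""
    p = argparse.ArgumentParser(prog="esudo", add_help=False)
    p.add_argument("-u", dest="user")
    p.add_argument("-g", dest="group")
    p.add_argument("-G", dest="suppl")      # comma-separated group names
    p.add_argument("-c", dest="caps")       # comma-separated capability names
    p.add_argument("command", nargs=argparse.REMAINDER)
    a = p.parse_args(argv)
    if not a.command:
        raise SystemExit("esudo: no command given")

    # Rule 5: no identity options at all means "gain superuser privileges".
    if not any((a.user, a.group, a.suppl, a.caps)):
        uid, gid = PASSWD["root"]
        return Identity(uid, gid, [gid], superuser=True), a.command

    # Otherwise start from the caller's identity and override per option.
    uid, gid, groups = os.geteuid(), os.getegid(), list(os.getgroups())
    caps: List[str] = []
    superuser = False
    if a.user:                              # rule 1: uid and gid from passwd
        if a.user not in PASSWD:
            raise SystemExit(f"esudo: unknown user {a.user!r}")
        uid, gid = PASSWD[a.user]
        groups = [gid]
    if a.group:                             # rule 2: gid, overriding rule 1
        if a.group not in GROUP:
            raise SystemExit(f"esudo: unknown group {a.group!r}")
        gid = GROUP[a.group]
    if a.suppl:                             # rule 3: supplementary groups
        groups = [GROUP[g] for g in a.suppl.split(",")]
    if a.caps:                              # rule 4: caps, or root as fallback
        if CAPS_SUPPORTED:
            caps = a.caps.split(",")
        else:
            superuser = True                # assumption: fallback is uid 0,
            uid = 0                         # keeping an explicit -g only
            if not a.group:
                gid = 0
    return Identity(uid, gid, groups, caps, superuser), a.command


def apply_identity(ident: Identity) -> None:
    """Switch to the resolved identity in the only workable order:
    supplementary groups and gid first (both need CAP_SETGID, which is gone
    once the uid is no longer 0), uid last, then verify the change took."""
    if os.geteuid() != 0:
        raise PermissionError("esudo: helper must start with superuser privileges")
    os.setgroups(ident.groups)
    os.setgid(ident.gid)
    os.setuid(ident.uid)
    # Enabling ident.caps would need libcap here; not modelled in this example.
    if (os.getuid(), os.getgid()) != (ident.uid, ident.gid):
        raise RuntimeError("esudo: identity change did not take effect")


if __name__ == "__main__":
    import sys
    # Dry run: show what the options resolve to without changing anything.
    identity, command = resolve_identity(sys.argv[1:])
    print(identity, command)
```

Running the dry run as `python esudo_model.py -u portage -g wheel -G video,wheel emake install` shows rule 2 overriding the passwd gid from rule 1 while the uid stays that of portage; the check at the end of apply_identity is the part a real helper must not skip, because a silently failed setuid leaves the command running as root.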
I'm not sure how far this should go. It would be definitely better than e.g. RESTRICT=userpriv for the whole ebuild, and cleaner than trying to invent special variable syntax to limit it to phases.
It may add unnecessary complexity in pkg_* phases. On the other hand, very often those phases either just output something (which doesn't need elevated privileges) or call eclass functions (where we could just put our 'esudo' inside).