rml@hpfcls.UUCP (06/21/84)
I posted this several weeks ago, but it apparently never made it to most of the net. Apologies to those who've seen it before.

System V added the feature of "saving" the effective user id across calls to setuid(2), to allow set-user-id programs to switch their effective user id back and forth between their real user id and the id of the program's owner. From reading the code, I have observed that this feature only works as documented when neither the real user id nor effective user id is superuser. When the real user id is superuser (and the effective user id is not), setuid will always fail. When the effective user id is superuser (and the real user id is not), the process can do one setuid to its real user id, but all subsequent setuid calls will fail.

Can anyone tell me why this is so? It would appear that it is intended to provide some security, but I don't see how it does anything other than restrict the rights of the superuser to do things permitted for ordinary users.

Bob Lenk
{hplabs, ihnp4}!hpfcla!rml
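
Added example, not part of the original post and not System V source: a small C model of the three cases the post describes, counting how far a "switch to real id, then back to owner id" sequence gets. The struct, the function names and the uid values 100 and 200 are assumptions of this example; the superuser branch setting all three ids follows the documented setuid(2) behaviour, and the non-superuser branch encodes the failures as the post reports them.

```c
#include <stdio.h>

/* One process's user ids (field names are this example's own). */
struct ids { int ruid, euid, suid; };

/* Model of setuid(uid): returns 0 on success, -1 on failure (EPERM). */
static int model_setuid(struct ids *p, int uid)
{
    if (p->euid == 0) {
        /* Effective superuser: real, effective and saved ids are all
         * overwritten, so the saved id (root) is lost for good. */
        p->ruid = p->euid = p->suid = uid;
        return 0;
    }
    /* Ordinary case: may move between real and saved id. Per the post,
     * this path is refused when the real id is superuser. */
    if (p->ruid != 0 && (uid == p->ruid || uid == p->suid)) {
        p->euid = uid;   /* saved id untouched, so switching back works */
        return 0;
    }
    return -1;
}

/* Try "drop to real id, then return to owner id".
 * Returns how many of the two steps succeeded (0, 1 or 2). */
static int round_trip(struct ids p)
{
    int real = p.ruid, owner = p.euid;
    if (model_setuid(&p, real) != 0)
        return 0;
    if (model_setuid(&p, owner) != 0)
        return 1;
    return 2;
}

int main(void)
{
    /* Constructed sample processes: {real, effective, saved}. */
    struct ids neither_root = {100, 200, 200};
    struct ids real_is_root = {0,   200, 200};
    struct ids eff_is_root  = {100, 0,   0};

    printf("neither id root:  %d of 2 steps\n", round_trip(neither_root));
    printf("real id is root:  %d of 2 steps\n", round_trip(real_is_root));
    printf("effective is root: %d of 2 steps\n", round_trip(eff_is_root));
    return 0;
}
```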