tech-userlevel archive


setreuid(2)?



I have a program, running with ruid=euid=0, that wants to set its real
and effective IDs to two other, different, IDs, neither one privileged.

What is the proper way to do this?  I first reached for setreuid(2),
but its manpage says that it is "made obsolete" by the saved-ID
functionality of setuid(2) and seteuid(2) and that it "should not be
used in new code".  But I must be missing something, because I can't
see any way to exploit the functionality described there, including the
saved IDs, to get the effect I want...short of creating an executable
setuid to one of the IDs, then switching to the other and execing that
executable.  I would hardly say this makes setreuid() obsolete, since
it requires writable filesystem space with set-ID functionality turned
on, a whole lot more syscalls, *and* MD code to construct a suitable
executable, none of which setreuid() needs to do the same job.

What am I missing?

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
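
The single-call switch the message attributes to setreuid(2), with a read-back check, as an added example that is not part of the original post. The helper names and the sample IDs 1001 and 1002 are assumptions; the switch runs in a forked child so the caller keeps its own IDs.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* declares setreuid() on strict compilers */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Set real and effective UID in one call, then verify the result.
 * Returns 0 on success, -1 if the kernel refused or the IDs do not match.
 * Group IDs and supplementary groups have to be dropped before this call;
 * that step is outside what the post asks about and is not shown. */
int set_real_effective(uid_t ruid, uid_t euid)
{
    if (setreuid(ruid, euid) != 0) {
        perror("setreuid");
        return -1;
    }
    /* Do not trust the return value alone: read the IDs back. */
    if (getuid() != ruid || geteuid() != euid)
        return -1;
    /* With both targets unprivileged, regaining root must fail. */
    if (ruid != 0 && euid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    return 0;
}

/* Run the switch in a child process.
 * Returns 0 if it worked, 1 if it was refused, -1 if fork/wait failed. */
int try_in_child(uid_t ruid, uid_t euid)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(set_real_effective(ruid, euid) == 0 ? 0 : 1);
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* 1001 and 1002 are constructed sample IDs; this works only as root. */
    int rc = try_in_child(1001, 1002);
    printf("ruid=1001 euid=1002: %s\n", rc == 0 ? "ok" : "refused");
    return 0;
}
```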

