Sadly, it's not possible to do what I want to do with the existing
syscalls.

The process in question starts out running as root.  Thus r=e=svuid=0

The ruid can only be set to an unprivileged user if we drop all
privileges with setuid(x).  Here's the comment from kern_prot.c:
	/*
	 * we assume that the intent of setting ruid is to be able to get
	 * back ruid priviledge. So we make sure that we will be able to
	 * do so, but do not actually set the ruid.
	 */

The net result is that if you start out with ruid=x, euid=y, then
setreuid(y,x) ends up with ruid=euid=x, which seems not quite ideal.

The failure to set ruid is the crux of the problems I've seen.

==John

------------------------------------------------------------------------------