I have a program, running with ruid=euid=0, that wants to set its real and effective IDs to two other, different, IDs, neither one privileged.
What is the proper way to do this?

I first reached for setreuid(2), but its manpage says that it is "made obsolete" by the saved-ID functionality of setuid(2) and seteuid(2) and that it "should not be used in new code". But I must be missing something, because I can't see any way to exploit the functionality described there, including the saved IDs, to get the effect I want...short of creating an executable setuid to one of the IDs, then switching to the other and execing that executable. I would hardly say this makes setreuid() obsolete, since it requires writable filesystem space with set-ID functionality turned on, a whole lot more syscalls, *and* MD code to construct a suitable executable, none of which setreuid() needs to do the same job.

What am I missing?

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mo...@rodents-montreal.org
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
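An added example, not part of the original message: the single-call setreuid(2) drop the post refers to, with the checks a privilege-dropping program needs (return values tested, resulting IDs verified, root confirmed unrecoverable). The names `drop_ids` and `ids_match`, the `gid` parameter and the sample IDs 1001/1002 are assumptions made for illustration; handling of supplementary groups is added here and is not discussed in the message.

```c
#define _DEFAULT_SOURCE          /* glibc: expose setreuid() and setgroups() */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if the process currently has exactly this real/effective UID pair. */
int ids_match(uid_t ruid, uid_t euid)
{
    return getuid() == ruid && geteuid() == euid;
}

/* Permanently drop from root to real UID `ruid`, effective UID `euid`.
 * Returns 0 on success, -1 with errno set; callers should exit on failure. */
int drop_ids(uid_t ruid, uid_t euid, gid_t gid)
{
    if (ruid == 0 || euid == 0) {        /* refuse a "drop" that keeps root */
        errno = EINVAL;
        return -1;
    }
    /* Groups first: once the UIDs are unprivileged these calls would fail. */
    if (setgroups(1, &gid) == -1 || setgid(gid) == -1)
        return -1;
    /* One call sets both IDs; always check the result. */
    if (setreuid(ruid, euid) == -1)
        return -1;
    if (!ids_match(ruid, euid)) {
        errno = EPERM;
        return -1;
    }
    /* The drop must be irreversible: regaining root has to fail. */
    if (seteuid(0) == 0 || setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* 1001/1002 are constructed sample IDs, not values from the post. */
    if (drop_ids(1001, 1002, 1001) == -1) {
        perror("drop_ids");
        return 1;
    }
    printf("ruid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    return 0;
}
```

The program must be started as root for the drop itself to succeed; the final check relies on setreuid() also resetting the saved set-user-ID to the new effective UID, as POSIX specifies when the real UID is being set.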