Date: Mon, 7 Nov 2022 23:45:55 -0500 (EST)
From: Mouse <mo...@rodents-montreal.org>
Message-ID: <202211080445.xaa10...@stone.rodents-montreal.org>

  | What am I missing?

Nothing.

Using the saved ids is only an alternative (and really, a fairly miserable one - a security nightmare, though recent versions of it are not as bad as when it was first invented) if the sole aim of using setreuid() (everything about the *uid() case applies to the *gid version as well) is to allow a setuid process to perform some operations as the real uid, and then revert to the effective uid once those are done.

For what you need (which is somewhat unusual) only setreuid() will work - or until we add [sg]res[ug]id() which will almost certainly be added in the next version of the standard ... FreeBSD apparently already has them, they're a much simpler, more versatile, and less idiosyncratic interface to the whole mess.

Even then setreuid() is not obsolete, it is a POSIX standard interface (along with setuid() and seteuid()) and is not going anywhere. Further, at least until setresuid() appears, it is the only interface available which achieves several objectives (including, but not only, yours).

kre

ps: https://austingroupbugs.net/view.php?id=1344 for the text which apparently has already been added to the next draft - though all the new interfaces were subject to a review which only ended earlier this month, so I don't think any of them are actually officially approved yet ("new interfaces" means something proposed which wasn't, in any form, in the earlier version - as distinct from changes to interfaces which already existed).
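
Added example, not part of the original message or thread: the two ways the reply mentions for a setuid process to do some work as the real uid and then revert, one swapping the ids with setreuid() and one relying on the saved set-user-ID via seteuid(), each verifying the resulting ids instead of trusting the return value alone. The names `work_fn`, `as_real_uid_swap`, `as_real_uid_saved` and `record_euid` are hypothetical; when the program is not installed setuid, real and effective uid are equal and both variants succeed as no-ops.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* exposes setreuid() and seteuid() */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

typedef int (*work_fn)(void);   /* hypothetical: work done as the invoking user */

/* Variant 1: swap real and effective uid with setreuid(), then swap back. */
int as_real_uid_swap(work_fn work)
{
    uid_t ruid = getuid(), euid = geteuid();

    if (setreuid(euid, ruid) != 0 || getuid() != euid || geteuid() != ruid)
        return -1;                      /* verify the ids, not just the return */
    int rc = work();
    if (setreuid(ruid, euid) != 0 || getuid() != ruid || geteuid() != euid)
        return -2;                      /* could not restore: caller should exit */
    return rc;
}

/* Variant 2: rely on the saved set-user-ID; only the effective uid moves. */
int as_real_uid_saved(work_fn work)
{
    uid_t ruid = getuid(), euid = geteuid();

    if (seteuid(ruid) != 0 || geteuid() != ruid)
        return -1;
    int rc = work();
    if (seteuid(euid) != 0 || geteuid() != euid)
        return -2;
    return rc;
}

static uid_t seen_euid;                 /* euid observed inside the callback */
static int record_euid(void) { seen_euid = geteuid(); return 0; }

int main(void)
{
    int a = as_real_uid_swap(record_euid);
    printf("swap:  rc=%d, work ran with euid %ld\n", a, (long)seen_euid);
    int b = as_real_uid_saved(record_euid);
    printf("saved: rc=%d, work ran with euid %ld\n", b, (long)seen_euid);
    return (a == 0 && b == 0) ? 0 : 1;
}
```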