Date: Wed, 9 Nov 2022 07:57:47 +0000 (UTC)
From: RVP <r...@sdf.org>
Message-ID: <76af8c1a-297c-81dc-8b50-4df6b985d...@sdf.org>
| I don't use seteuid(), but, it looks like you can just re-swap the
| (uid, euid) in a child binary and regain the parent's privileges.
Yes, there's no question that setreuid() works.Mouse's issue was
that setreuid(2) (the man page) says "new code should not use this",
yet for what he wanted to achieve (nothing like your code example),
the supposed replacement method (relying upon saved user ids) doesn't
do anything useful at all.
The solution to this is simple - ignore the man page warning, and go
ahead and use setreuid() (at least until running on a system which has
setresuid() - which no NetBSD has yet) which is even better.
kre
