Re: setuid(geteuid());?

> > That is a valid concern, but the code doesn't actually prevent this.
> 
> After reading the setuid man page a third time, I think you are right.
> 
> On machines that have setreuid(), or even better setresuid(), we could
> force the ruid (and suid for good measure) to match euid.  Otherwise we
> probably should refuse to start unless getuid matches geteuid.
> 
> Hmm ... setresuid may be an HP-ism ... does anyone else have that?
> setreuid appears to be a BSD-ism, so it ought to be reasonably popular.

I have setreuid on BSD/OS, no setresuid.

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
853-3000+  If your life is a hard drive,     |  830 Blythe Avenue +  Christ can be your backup.        |  Drexel Hill,
Pennsylvania19026