Marek Michalkiewicz (
Fri, 15 Nov 1996 22:00:13 +0100 (MET)

Since 2.1.5 or so, we have the new setresuid() system call. It's not
part of any standard (as far as I know) - but it also exists on HP-UX,
so I think it would be nice to stay compatible with that.

Our current implementation is slightly different. According to the
HP-UX man page, setresuid() treats all the uids the same way.

setresuid() is allowed if any one of the current uids (ruid/euid/suid)
is 0, or if each of the specified new uids matches at least one of the
current ruid/euid/suid. So if you aren't root, you can swap any two
of the three uids, or even swap all three (they all can be different).

HP-UX also has setresgid(), and we don't. It is similar - if you
aren't root (any of the uids equal to 0), you can swap any of the
three gids.

I think it should be possible to implement the other set*id()
calls only in terms of setres[ug]id(). Maybe even in libc?

One more thing: setresuid() should do "current->dumpable = 0" if
it changes the effective uid (like the other set*id syscalls do).
I think this is necessary to keep /proc/<pid>/fd/* secure (these
files are owned by euid of <pid>).