Hi,
Suppose one has an application which is installed setuid root.
Suppose also the application has a feature (e.g., spawn an interactive user shell) which should NOT be run as root - but as an unprivileged user instead. I suppose this is a fairly common operation (e.g., nethack is probably installed setgid games and I think it can spawn a shell), and it is probably done thus:

  if (0 == fork()) { /* child */
    magic incantations to restore gid;
    exec("/bin/bash");
  } else ...

So, what are those "magic incantations"?
Do they go beyond
   setreuid(getuid(), getuid());
?

Yes, I can probably hunt them down myself, but I would rather have an expert opinion. Also, if the magic goes beyond 1-2 lines, I think it would be a good idea to add it to gnulib.

Thanks.

Sam.
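
An added example, not part of the original post: one way to write the child-side privilege drop for the fork/exec pattern asked about above, in C, assuming Linux/glibc (`setresuid`/`setresgid` are not POSIX). The names `drop_to_real_ids` and `spawn_unprivileged` are hypothetical, and the `id` command in `main` is a constructed demo.

```c
#define _GNU_SOURCE            /* setresuid/setresgid/getresuid on glibc */
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently drop to the real (invoking) user's IDs; 0 on success.
 * Supplementary groups are inherited from the invoking user in a setuid
 * program, so they are left alone. */
int drop_to_real_ids(void)
{
    uid_t uid = getuid(), r, e, s;
    gid_t gid = getgid(), rg, eg, sg;

    /* Group first: once the UID is dropped we may no longer be allowed to. */
    if (setresgid(gid, gid, gid) != 0) return -1;
    if (setresuid(uid, uid, uid) != 0) return -1;
    /* Do not trust the return values alone: read all three IDs back. */
    if (getresgid(&rg, &eg, &sg) != 0 || rg != gid || eg != gid || sg != gid)
        return -1;
    if (getresuid(&r, &e, &s) != 0 || r != uid || e != uid || s != uid)
        return -1;
    /* A non-root caller must not be able to regain root. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0)) return -1;
    return 0;
}

/* Fork, drop privileges in the child, exec path; child's exit status or -1. */
int spawn_unprivileged(const char *path, char *const argv[])
{
    int status;
    pid_t pid = fork();

    if (pid < 0) return -1;
    if (pid == 0) {                                /* child */
        if (drop_to_real_ids() != 0) _exit(126);   /* fail closed: no exec */
        execv(path, argv);
        _exit(127);                                /* exec failed */
    }
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char *const argv[] = { "sh", "-c", "id", NULL };  /* constructed demo */
    return spawn_unprivileged("/bin/sh", argv);
}
```

File descriptors opened while privileged stay open across the exec unless they are marked close-on-exec, so they need separate handling.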


