From: utzoo!decvax!decwrl!sun!megatest!fortune!hpda!hplabs!sri-unix!dbj.rice@Rand-Relay
Newsgroups: net.unix-wizards
Title: Re: Set UID inquiry
Article-I.D.: sri-arpa.809
Posted: Sun Mar 20 02:10:33 1983
Received: Wed Apr  6 05:43:11 1983

From:  Dave Johnson <dbj.rice@Rand-Relay>

One way to solve your problem with being able to exec a program that
your real uid can't exec, but needing to undo the setuid effect of a
setuid program before doing the exec would be something like the following:

Move your games that you want to protect (in this case) from
/usr/games/ to something like /usr/games/protected/unprotected/,
and make the "protected" directory not world executable, while
the "unprotected" directory is world executable.  Then, make your
games_mgr program chdir to /usr/games/protected/unprotected, then do
a setuid(getuid()) to put the effective uid back to the real uid, and
then exec the game out of the current directory.  The exec will succeed
(assuming the program itself is world executable) since the kernel will
not need to look outside the current directory to find the program.
The only bad side-effect of this is that the program will be running
with a current directory other than what the user had in his shell
when he invoked it.  This could cause confusion in naming files for
saving games, etc., but is better than modifying the kernel...

                                Dave Johnson