Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!bellcore!texbell!nuchat!steve
From: steve@nuchat.UUCP (Steve Nuchia)
Newsgroups: comp.unix.wizards
Subject: Re: setuid (euid) after setuid (uid) on System 5
Message-ID: <8658@nuchat.UUCP>
Date: 15 May 89 18:23:53 GMT
References: <19534@adm.BRL.MIL>
Reply-To: steve@nuchat.UUCP (Steve Nuchia)
Organization: Houston Public Access
Lines: 18

In article <19534@adm.BRL.MIL> rbj@dsys.icst.nbs.gov (Root Boy Jim) writes:
>? In article <1196@auspex.UUCP> guy@auspex.UUCP (Guy Harris) writes:
>? >Both BSD and S5 flavors of "setuid" can be implemented atop "setreuid".

>Actually, none of this really matters. Saved set-UID's are merely
>convenient. If root wants to do something as l'user, he can just
>fork and give away his privilege. The parent is still privileged.

Not all setuid programs want to be setuid root. The principle
of least privilege argues for most of them not being owned by
root. Being able to keep both userids (invoker and owner) around
is enormously convenient and leads to better (more secure) utility
programs.
-- 
Steve Nuchia          South Coast Computing Services
uunet!nuchat!steve    POB 890952 Houston, Texas 77289
(713) 964 2462        Consultation & Systems, Support for PD Software.
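
The pattern the post argues for, as an added example that is not part of the original post: a set-user-ID utility owned by a non-root account does one operation as the invoker and then returns to the owner's uid. It assumes POSIX seteuid() and a saved set-user-ID; open_as_invoker is a hypothetical helper name.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Open `path` with the invoker's permissions, then return to the owner's uid.
 * Returns an fd >= 0, -1 if the open was refused (errno set by open), or -2
 * if an id switch failed: the caller must exit, the privilege state is unknown. */
int open_as_invoker(const char *path, int flags)
{
    uid_t invoker = getuid();   /* real uid: who ran the program */
    uid_t owner = geteuid();    /* effective uid at entry: the program owner,
                                   also kept by the kernel as the saved set-user-ID */
    int fd, open_errno;

    /* Drop to the invoker and verify the result, not just the return code. */
    if (seteuid(invoker) != 0 || geteuid() != invoker)
        return -2;

    fd = open(path, flags);     /* access is checked against the invoker's uid */
    open_errno = errno;

    /* Regain the owner's uid; allowed because it is the saved set-user-ID. */
    if (seteuid(owner) != 0 || geteuid() != owner) {
        if (fd >= 0)
            close(fd);
        return -2;
    }
    errno = open_errno;
    return fd;
}

int main(int argc, char **argv)
{
    int fd;

    if (argc != 2) {
        fprintf(stderr, "usage: %s file\n", argv[0]);
        return 2;
    }
    fd = open_as_invoker(argv[1], O_RDONLY);
    if (fd == -2)
        return 1;               /* could not switch ids: stop immediately */
    if (fd == -1) {
        perror(argv[1]);        /* the invoker may not read this file */
        return 1;
    }
    close(fd);
    return 0;
}
```

Neither uid needs to be root for this to work, and supplementary and group ids are outside what this example handles.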