Set User ID

The exec'd program's effective privileges are on by default. Because the new program has the proc_setid privilege in its effective set, you can call setuid(2) to see how the effective and saved sets change when the User ID changes. See "Change in User ID" for the discussion.

retval = setuid(0);

PRIV_EMPTY(&priv_get);
retval = getppriv(PRIV_EFFECTIVE, &priv_get);
priv_set_to_str(&priv_get, ',', buffer, &length);
printf("Executable setuid effective = %s\n", buffer);

PRIV_EMPTY(&priv_get);
retval = getppriv(PRIV_SAVED, &priv_get);
priv_set_to_str(&priv_get, ',', buffer, &length);
printf("Executable setuid saved = %s\n", buffer);

The printf statements print the following:

Executable setuid effective = none
Executable setuid saved = file_mac_write,proc_setid

Previous: Execute a File
Next: Chapter 4 Labels