Trusted Solaris Developer's Guide

Check Saved Privileges

An application can check the saved privilege set to determine the origin of a privilege, that is, whether the privilege was inherited, and take action based on the findings. This example gets the saved set and checks it for PRIV_PROC_SETID and PRIV_FILE_SETPRIV. It finds that the file_setpriv privilege is not inherited, but the proc_setid privilege is inherited.

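/* Start from an empty set so stale bits cannot affect the checks. */
PRIV_EMPTY(&saved_privs);

/* Fetch the saved privilege set of the calling process. */
if (getppriv(PRIV_SAVED, &saved_privs) == -1)
	perror("Cannot get list of saved privileges");

/* A privilege that is absent from the saved set was not inherited. */
if (!PRIV_ISASSERT(&saved_privs, PRIV_PROC_SETID))
	fprintf(stderr, "proc_setid not in saved set.\n");

if (!PRIV_ISASSERT(&saved_privs, PRIV_FILE_SETPRIV))
	fprintf(stderr, "file_setpriv not in saved set.\n");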