Subject: Re: Emulating Ultrix setuid semantics
To: Jonathan Stone <jonathan@DSG.Stanford.EDU>
From: Chris G. Demetriou <cgd@alpha.bostic.com>
List: port-pmax
Date: 08/19/1994 23:40:51
[ jtc, i've cc'd you in on this because it could turn into an
  interesting discussion on whether or not to implement
  _POSIX_SAVED_IDS ]
 
> >You keep providing a POSIX justification. That's invalid -- POSIX
> >doesn't talk about implementing setuid in terms of setreuid; because
> >POSIX doesn't include setreuid.

no, posix says _nothing_ about how setuid() is implemented.
that means that it can be implemented in _any_ way that follows
the posix specification.  Note that it's commonly considered
(well, at least i consider) that a full implementation of setreuid()
and setregid() violates the 'posix security model' because they can
modify the real uid without changing the effective UID at the same
time.

the reason that setreuid() and -gid() are not implemented in NetBSD
as they were traditionally is that they are considered (i believe
rightly so) security holes waiting to happen.  however, that does not:
	(1) prohibit a person writing compat code from implementing
		them fully (though i'd argue against that), or
	(2) prohibit implementing them to the extent that they are necessary
		for proper operation of that compat code.

> 	* If NetBSD is going to emulate Ultrix setuid semantics, it has to
> 	   emulate the Ultrix semantics of setreuid() and setreguid().

and it should do so _only_ in the ultrix compat code.  (not only
that, if it does it there, it can do the emulation more cleanly,
and without hacking up any common code.)  does ULTRIX provide
the _POSIX_SAVED_IDS define?  If so, you're going to have to
do a bit more work, to deal with that...


cgd
ps. if we're going to start quoting POSIX at each other, in terms of
pages and lines, it'd be worth stating which version we're quoting.
I've now got access to 1003.1b-1993 as well as 1003.1-1990...
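
The three credential behaviours argued about in the message above, namely POSIX.1 setuid() with and without _POSIX_SAVED_IDS, and a traditional 4.3BSD-style setreuid() that can move the real uid while the effective uid stays put, modelled as an added, constructed C example. This is not code from the message, from Ultrix or from NetBSD's compat layer; the struct cred, the cred_setuid/cred_setreuid names, the sample uids and the rule that "appropriate privilege" means effective uid 0 are assumptions of the model.

```c
/* Constructed model of setuid()/setreuid() credential rules; not kernel code. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#define UID_UNCHANGED (-1)   /* setreuid() argument meaning "leave this id alone" */
struct cred { int ruid, euid, svuid; };   /* real, effective, saved set-user-ID */

/* "Appropriate privilege" is modelled as effective uid 0 (an assumption). */
static bool privileged(const struct cred *c) { return c->euid == 0; }

/* POSIX.1 setuid(); saved_ids selects the _POSIX_SAVED_IDS variant. */
int cred_setuid(struct cred *c, int uid, bool saved_ids)
{
    if (privileged(c)) {          /* all ids change together: an irrevocable drop */
        c->ruid = c->euid = uid;
        if (saved_ids)
            c->svuid = uid;
        return 0;
    }
    if (uid == c->ruid || (saved_ids && uid == c->svuid)) {
        c->euid = uid;            /* unprivileged: only the effective id moves */
        return 0;
    }
    return EPERM;
}

/* Traditional 4.3BSD-style setreuid(): an unprivileged process may set either
 * id to its current real or effective uid, so the real uid can be changed
 * while the effective uid stays put, which is what the message objects to. */
int cred_setreuid(struct cred *c, int ruid, int euid)
{
    int nr = (ruid == UID_UNCHANGED) ? c->ruid : ruid;
    int ne = (euid == UID_UNCHANGED) ? c->euid : euid;
    if (!privileged(c)) {
        bool r_ok = (nr == c->ruid || nr == c->euid);
        bool e_ok = (ne == c->ruid || ne == c->euid);
        if (!r_ok || !e_ok)
            return EPERM;
    }
    c->ruid = nr;
    c->euid = ne;
    return 0;
}

int main(void)
{
    struct cred c = { 1000, 500, 500 };   /* constructed: uid 1000 running a set-uid-500 program */
    cred_setreuid(&c, 500, UID_UNCHANGED);  /* real uid becomes 500, effective uid untouched */
    printf("after setreuid: ruid=%d euid=%d\n", c.ruid, c.euid);
    return 0;
}
```

Running it shows the real uid swallowed into the effective one, which is the case a compat layer has to decide whether to permit; the same model can be checked against the _POSIX_SAVED_IDS rule by calling cred_setuid() with and without saved_ids.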

------------------------------------------------------------------------------