Subject: Re: commoning up code that changes uids and gids
To: Pavel Cahyna <pcah8322@artax.karlin.mff.cuni.cz>
From: David Laight <david@l8s.co.uk>
List: tech-kern
Date: 03/05/2003 12:07:30
> this paper may be interesting. It describes the complexities of setting
> user IDs in various systems.
> 
> http://www.cs.berkeley.edu/~daw/papers/setuid-usenix02.pdf

Well, I've found one mistake on page 2:
    When a process executes a new file by exec, it keeps its three user IDs
    unless the set-user-ID bit of the new file is set, in which case the
    effective uid and saved uid are assigned the user ID of the owner of the
    new file.

The saved uid is set to the old effective uid...

The bullet point below isn't much better - you can't write to the sv_uid
unless the system has a setresuid() system call.

It also only mentions a very small subset of the available Unix systems,
and fails to note the big flaw in POSIX saved ids...

	David

-- 
David Laight: david@l8s.co.uk