Subject: Re: weird setuid behavior
To: Niels Provos <provos@citi.umich.edu>
From: Noriyuki Soda <soda@sra.co.jp>
List: tech-kern
Date: 01/23/2004 18:11:18
>>> I am a bit puzzled by recent changes (last year) to how setuid works.
>>> Traditionally, it has always been possible as root to call
>>>
>>> seteuid(someid)
>>> setuid(someid)
>>>
>>> This now fails. The call to seteuid() succeeds but the second call
>>> fails leaving the uid=0 and the euid=someid
>>>
>>> Is there some logic behind this behavior?
>> What is your starting condition (euid, ruid, etc.)? Was the process
>> started from a set-ID binary file?
> Either,
>
> $ sudo ./application
>
> or
>
> $ sudo su -
> # /somewhere/application
>
> So, euid, ruid, uid == 0 in the latter case.
I tested the program on NetBSD-1.4.2 and NetBSD-1.6_STABLE,
and the setuid(2) call failed on both systems with EPERM.
It failed on Solaris-2.6 and Linux-2.4, too.
Was such a change really made last year?
--
soda
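
Added example, not part of the original message and not any kernel's code: a simplified model of the POSIX saved-set-user-ID rules, showing why setuid() after seteuid() returns EPERM with uid=0 and euid=someid, consistent with the result reported above, while a direct setuid() drops all three IDs. The struct, the function names, uid 1000 and treating "privileged" as euid == 0 are assumptions of this sketch.

```c
/* Simplified model of POSIX saved-set-user-ID rules (assumption of this
 * example, not kernel code). "Privileged" is modelled as euid == 0. */
#include <errno.h>
#include <stdio.h>

struct cred { unsigned ruid, euid, svuid; };

/* seteuid(): allowed if privileged, or if uid is the real or saved uid. */
static int model_seteuid(struct cred *c, unsigned uid)
{
    if (c->euid != 0 && uid != c->ruid && uid != c->svuid)
        return EPERM;
    c->euid = uid;
    return 0;
}

/* setuid(): a privileged caller sets all three IDs; any other caller may
 * only set euid, and only to the real or saved uid. */
static int model_setuid(struct cred *c, unsigned uid)
{
    if (c->euid == 0) {
        c->ruid = c->euid = c->svuid = uid;
        return 0;
    }
    if (uid != c->ruid && uid != c->svuid)
        return EPERM;
    c->euid = uid;
    return 0;
}

/* The sequence from the thread: seteuid(id), then setuid(id). */
static int thread_sequence(struct cred *c, unsigned id)
{
    int rc = model_seteuid(c, id);
    return rc ? rc : model_setuid(c, id);
}

/* Permanent drop: setuid() while still privileged, then confirm that
 * root can no longer be regained. Returns 0 on a verified drop. */
static int drop_permanently(struct cred *c, unsigned id)
{
    int rc = model_setuid(c, id);
    if (rc)
        return rc;
    return model_seteuid(c, 0) == EPERM ? 0 : -1;
}

int main(void)
{
    struct cred a = {0, 0, 0}, b = {0, 0, 0};   /* constructed: started as root */
    printf("seteuid+setuid: rc=%d ruid=%u euid=%u\n", thread_sequence(&a, 1000), a.ruid, a.euid);
    printf("setuid only:    rc=%d ruid=%u euid=%u\n", drop_permanently(&b, 1000), b.ruid, b.euid);
    return 0;
}
```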