Differences with security implications: setuid

Differences in setuid/setgid semantics

Great paper: Setuid Demystified, H. Chen, D. Wagner and D. Dean, USENIX 2002
Various systems implement setuid differently
Some usage patterns can lead to incomplete privilege revocation

OpenSSH implements their recommendations:
Prefer setresuid() when available
Unambiguous semantics
Do a more complicated dance when it isn't:
seteuid()
setuid()
Try to restore uid and fatal() if it succeeds
Fetch effective and real uid and fatal() if privilege hasn't been dropped

