The issetugid() function enables library functions (in libtermlib, libc, or other libraries) to guarantee safe behavior when used in setuid or setgid programs. Some library functions might be passed insufficient
information and not know whether the current program was started setuid or setgid because a higher level calling code might have made changes to the uid, euid, gid, or egid. These low-level
library functions are therefore unable to determine if they are being run with elevated or normal privileges.
The issetugid() function should be used to determine if a path name returned from a getenv(3C) call can be used safely to open the specified
file. It is often not safe to open such a file because the status of the effective uid is not known.
The result of a call to issetugid() is unaffected by calls to setuid(), setgid(), or other such calls. In case of a call to fork(2),
the child process inherits the same status.
The status of issetugid() is affected only by execve() (see exec(2)). If a child process executes a new executable file, a new issetugid() status will be based on the existing process's uid, euid, gid, and egid permissions and on the modes of the executable file. If the new executable file modes are setuid or setgid,
or if the existing process is executing the new image with uid != euid or gid != egid, issetugid() will return 1 in the new process.
|