Wireshark-dev: Re: [Wireshark-dev] [Wireshark-bugs] [Bug 1741] Privilege separation patch
From: Guy Harris <[email protected]>
Date: Wed, 15 Aug 2007 12:10:33 -0700
setuid() *should*, at least according to the Single UNIX Specification, set the real, effective, and set-user ID if the process is running with appropriate privileges. The same applies, *mutatis mutandis*, to setgid().
In Mac OS X 10.4 and later, a process can, in effect, belong to a bigger 
group set than just the group set that fits in the credentials (checks 
whether a process's group set includes a given group are done by sending 
a message to memberd).  As I remember, the right way to change the group 
set of a process is to call initgroups(), passing it the user name of 
the user whose group set you want the process to pick up and that user's 
primary group ID.  initgroups() is a BSDism, and has been picked up by 
other OSes, so it's not OS X-only; we should probably use it if available.
Should the group set be changed *before* setting the effective user ID?