site_archiver@lists.apple.com Delivered-To: Darwin-dev@lists.apple.com Hi, oldeuid = geteuid(); oldegid = getgid(); realoldgroupcount = getgroups(16, oldsgrouplist); seteuid(neweuid); posix_spawn(...) seteuid(oldeuid); setgroups(realoldgroupcount, newgroupslist); setegid(newgid); -- Terry _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.appl... On Sep 25, 2008, at 9:50 AM, Mario Emmenlauer wrote: 2) I haven't tried pthread_start(), but its very likely to be equal This should have been posix_spawn(), not pthread_start()... but come on, they do sound similar :-D posix_spawn() is morally equivalent to a vfork() followed by an execve(), with the ability to do a limited set of intermediate work in between. Part of the limited set of work is controlled by the flags set via posix_spawnattr_setflags(), and one of those flags is POSIX_SPAWN_RESETIDS. Depending on how you are running the parent process at the time of the spawn, you can either set this flag, and inherit the real uid/gid, or not set the flag and inherit the effective uid/gid. Since we support proper security partitioning (POSIX saved IDs + non- library setreuid() and setregid()), your most correct path would be to run as root and: ...the get and setegid are not necessary on MacOS X, since they are included in the supplementary groups list, but you will include them if you want your code to be portable to e.g. Solaris. This email sent to site_archiver@lists.apple.com