...
Many systems have nonportable privilege capabilities that, if unchecked, can yield privilege escalation vulnerabilities. The following section describes one such capability.
File System Access Privileges (Linux)
Processes on Linux have two additional values called `fsuid` and `fsgid`. These indicate the privileges used when accessing files on the file system. These values normally shadow the effective user ID and effective group ID, but the `setfsuid()` and `setfsgid()` functions allow them to be changed. Since changes to the `euid` and `egid` normally also apply to `fsuid` and `fsgid`, a program relinquishing root privileges need not be concerned with setting `fsuid` or `fsgid` to safe values. However, there has been at least one kernel bug that violated this invariant ([Chen 02] and [Tsafrir 08]). Consequently, a prudent program will check that `fsuid` and `fsgid` have harmless values after relinquishing privileges.
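One way to perform the check described above, as an added example that is not part of the original page. The helper names `ids_fully_dropped` and `drop_privileges_checked` are hypothetical, and supplementary groups are assumed to be handled by the caller.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/fsuid.h>
#include <sys/types.h>
#include <unistd.h>

/* setfsuid()/setfsgid() always return the previous value and reject
 * (uid_t)-1 as invalid, so passing -1 reads the ID without changing it. */
static uid_t current_fsuid(void) { return (uid_t)setfsuid((uid_t)-1); }
static gid_t current_fsgid(void) { return (gid_t)setfsgid((gid_t)-1); }

/* Returns 1 if every user and group ID, including fsuid and fsgid,
 * equals the requested unprivileged identity; 0 otherwise. */
int ids_fully_dropped(uid_t uid, gid_t gid)
{
    if (getuid() != uid || geteuid() != uid) return 0;
    if (getgid() != gid || getegid() != gid) return 0;
    return current_fsuid() == uid && current_fsgid() == gid;
}

/* Hypothetical helper: permanently switch to uid/gid, then verify.
 * Supplementary groups (setgroups) are assumed handled by the caller.
 * Returns 0 on success, -1 if the drop failed or left stale IDs behind. */
int drop_privileges_checked(uid_t uid, gid_t gid)
{
    /* Group first: once the UID is dropped, setgid() no longer works. */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    /* A successful return to root means the drop was not permanent. */
    if (uid != 0 && setuid(0) == 0) return -1;
    return ids_fully_dropped(uid, gid) ? 0 : -1;
}

int main(void)
{
    /* Demo: "drop" to the IDs the process already has, so this also
     * runs when started without root privileges. */
    if (drop_privileges_checked(getuid(), getgid()) != 0) {
        fprintf(stderr, "privilege drop left unsafe IDs; aborting\n");
        return 1;
    }
    printf("fsuid=%lu fsgid=%lu\n",
           (unsigned long)current_fsuid(), (unsigned long)current_fsgid());
    return 0;
}
```

A caller that receives -1 should terminate rather than continue with partially dropped privileges.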
...