setuid() anomaly

Robert E. Stampfli res at cbnews.ATT.COM
Fri Nov 11 08:43:05 AEST 1988


I always thought that the sequence setuid(getuid()) could never fail, and
could always be used to set a process' effective uid equal to its real uid.
Every manual page I have seen on setuid() implies this is the case.
However, I recently discovered that, when a process is run with the suid
bit set and the owner (euid) non-root, that the setuid(getuid()) construct
will fail if the process is invoked with uid == 0 (as root).  I have tested
this and found it fails on a significant number of Unix implementations,
but not all of them.  When it fails, errno is set to 1.

This would seem to cause some subtle problems, as not many programs check
for the failure of this construct, and after executing the same, the
program continues to execute with an euid of something other than the
real uid.  It could hardly be classed as a security bug, though, as the
results are always more restrictive than they would be if the construct
worked.

I am curious.  Does anyone know why some Unix implementations would work
this way?  Is this intentional or is it a latent bug?  Please respond
directly to me, as I don't usually read this newsgroup.

Thanks in advance,
Rob Stampfli
att!cbnews!res (work)
osu-cis!n8emr!kd8wk!res (home)
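The post's practical point is that programs call setuid(getuid()) without checking whether it worked. The following is an added example, not code from the original post: a privilege-drop routine that treats the call as fallible and refuses to continue unless the effective uid really equals the real uid afterwards. It assumes a POSIX system where errno 1 is EPERM.

```c
/* Added example: drop privileges without assuming setuid(getuid()) succeeds.
 * Returns 0 only when the effective uid equals the real uid afterwards,
 * -1 otherwise (errno preserved from setuid, or set to EPERM). */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

int drop_to_real_uid(void)
{
    uid_t ruid = getuid();

    if (setuid(ruid) == -1) {
        /* The post reports errno 1 here, i.e. EPERM, when a non-root suid
         * binary is invoked by root on some implementations. Keep errno
         * intact for the caller while logging the reason. */
        int saved = errno;
        fprintf(stderr, "setuid(%ld) failed: %s\n",
                (long)ruid, strerror(saved));
        errno = saved;
        return -1;
    }

    /* Do not trust the return code alone: confirm the kernel actually
     * changed the effective uid. A program that continues after a silent
     * failure keeps running with an identity it did not intend to have. */
    if (geteuid() != ruid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    printf("before: real uid %ld, effective uid %ld\n",
           (long)getuid(), (long)geteuid());
    if (drop_to_real_uid() != 0) {
        fprintf(stderr, "refusing to continue with effective uid %ld\n",
                (long)geteuid());
        return 1;
    }
    printf("after: effective uid %ld\n", (long)geteuid());
    return 0;
}
```

Run as an ordinary user the drop is a no-op and succeeds; the value of the check is in the root-invokes-suid-binary case the post describes, where the routine returns -1 instead of letting the program go on with the wrong euid.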



More information about the Comp.unix.questions mailing list