> I just verified in on Solaris by doing the following.. The subject of > the expreiment was the zcat incarnation of gzip from gnu.. I setuid > zcat to myself and then did 'zcat -f' and hit it with the quit > character from the keyboard. It produced a core if I was myself, but > didn't if I was any other user (including root). > atleast in HP-UX, probably other systems too, a setuid program will only dump core if uid == euid ie: main() { char *foo; setuid(geteuid()); fgets(foo); /* <-- boom */ } will dump core if setuid, but main() { char *foo; fgets(foo); /* <-- boom */ } will not unless run by whoever the program is setuid to.