Securely changing the identity of a process is an operating system dependent, subtle, and error-prone business. This project provides a C library to accomplish this task, abstracting away all the low-level non-portable details. The interface allows users to permanently or temporarily change the identity (in the latter case the interface allows the privileges to be restored). The implementation takes care of the real/effective/saved user and group IDs, as well as the supplementary groups.
The code was extensively tested on Linux, FreeBSD, OpenSolaris, and AIX. Nevertheless, we warn that, given the history of subtle pitfalls in the set*id system calls, it may be prudent for developers to avoid relying upon our algorithm until it has been subject to careful review by others. In addition, users of this library should note that it does not account for any "capabilities" systems that the OS might employ.
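As an added illustration of what such a library has to get right for the permanent case (this is example code written for this page, not the contents of priv.c, and it assumes a Linux or FreeBSD system that provides setresuid/setresgid), a permanent identity change followed by the read-back and regain checks that the set*id pitfalls mentioned above call for:

```c
#define _GNU_SOURCE              /* exposes setresuid/setresgid/getresuid on glibc */
#include <errno.h>
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently switch to uid/gid. The order matters: the supplementary
 * group list and the group IDs must be changed while the process is
 * still privileged, because once the user IDs are dropped neither can
 * be changed any more. Returns 0 on success, -1 with errno set on error. */
int drop_privileges_permanently(uid_t uid, gid_t gid)
{
    /* Only a privileged process may alter its supplementary groups; an
     * unprivileged one would just get EPERM here, so the call is skipped. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    /* Set real, effective and saved IDs together: changing only the
     * effective ID would leave the saved ID as a way back to root. */
    if (setresgid(gid, gid, gid) != 0)
        return -1;
    if (setresuid(uid, uid, uid) != 0)
        return -1;
    return 0;
}

/* A successful set*id call is not proof of success: read the IDs back and
 * require all three user and all three group IDs to match. Returns 1 if so. */
int identity_is(uid_t uid, gid_t gid)
{
    uid_t ru, eu, su;
    gid_t rg, eg, sg;

    if (getresuid(&ru, &eu, &su) != 0 || getresgid(&rg, &eg, &sg) != 0)
        return 0;
    return ru == uid && eu == uid && su == uid &&
           rg == gid && eg == gid && sg == gid;
}

/* Final check for a permanent drop: an attempt to get an effective UID of
 * root back must be refused. Returns 1 if the kernel refuses with EPERM,
 * 0 if the process is (still) able to become root. */
int privileges_cannot_be_regained(void)
{
    if (setresuid((uid_t)-1, 0, (uid_t)-1) == 0)
        return 0;                /* it worked: privileges were never really dropped */
    return errno == EPERM;
}
```

Run as root, the three functions would be called with the unprivileged target IDs; run as an ordinary user, the drop to the caller's own IDs is a no-op and the regain check reports that root cannot be obtained.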
The files to download are priv.h (the interface), priv.c (the implementation), and priv.pdf (the documentation).