Question

So if I make a program suid root on my Mac, and that program runs exec on /bin/sh, the shell is not root, whereas if I do the same thing on Linux, the shell is root. Does Mac not propagate permissions the same way Linux does? Or is there just something different going on with the suid bits? My understanding is that programs with suid root run with root privileges. And since a root shell that calls /bin/sh will create another root shell, shouldn't an suid root program that calls exec on /bin/sh create a root shell?

Solution

All processes have multiple UIDs (the real, effective, and saved UID, at a minimum). Executing a setuid binary only affects the effective and saved UIDs, not the "real" UID -- as a result, a setuid binary will "know" what UID it was executed from, and can return to that UID. In this case, the bash implementation of /bin/sh automatically returns to its real UID when it's executed.
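
The startup check the answer describes, sketched in C as an added example (it is not bash's source and not part of the original answer): compare the real and effective IDs and fall back to the real ones when they differ. The function names `running_setid` and `drop_to_real_ids` are hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 if the process looks like it was started through a
 * setuid/setgid binary: an effective ID differs from the real ID. */
int running_setid(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Fall back to the real IDs.
 * Returns 0 if there was nothing to drop, 1 if privileges were dropped,
 * -1 if the drop failed or did not take effect. */
int drop_to_real_ids(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    if (!running_setid())
        return 0;

    /* Group first: after the UID is dropped the process may no longer
     * be allowed to change its GID. When the effective UID is 0,
     * setuid() also resets the saved UID, so the drop is permanent. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;

    /* Never trust the return codes alone: confirm the IDs changed. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    return 1;
}

int main(void)
{
    printf("before: ruid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    int rc = drop_to_real_ids();
    printf("drop_to_real_ids() returned %d\n", rc);
    printf("after:  ruid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    return rc < 0;
}
```

Run from a normal login it reports nothing to drop; installed setuid root and run by an unprivileged user, the "before" line shows the two UIDs differing and the "after" line shows them equal again.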

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow