You're first call to setreuid is actually a no-op - it does not drop privileges, you are essentially saying set my real uid to my getuid and my effective uid to my geteuid, which in the case of a setuid app is the same as you obtained.
At the start of a setuid root program run as user bob, then getuid() == bob, geteuid() == root
If you want to drop privileges, then you should probably have called:
setreuid(euid, ruid);
Thad would have set the effective uid to bob and the real uid to rood. Everything done after that point will be as if by the unprivileged user bob, understanding that you have not completely dropped the ability to switch back to root privileges at this point, because you have not wiped out the saved-user-id information.
Obtaining root privileges would be done by:
setreuid(ruid, euid);
Similarly, at the end, when you are re-dropping privileges, you need to do the same:
setreuid(euid, ruid);
i.e. set the effective uid to the id bob. the [answer here][1] is a similar situation, which explains the details a little more concisely.
Generally, when checking this information, a little printerhelper like:
void printids(char *header) {
uid_t ruid, euid, saveduid;
getresuid(&ruid, &euid, &saveduid);
printf("%s ruid=%d euid=%d saveduid=%d\n", header, ruid, euid, saveduid);
}
assists in determining the privileges/uid information at all the steps.
it would be a little simpler to just use seteuid() for the temporary changing of the privileges, rather than the little more heavy handed setreuid(). You can also use the setresuid() call to be more explicit on the setting of the real, effective and saved userid values.
Saving and dropping privileges:
setresuid(ruid, ruid, euid);
Re-obtaining root privileges:
setresuid(euid, euid, -1);
Dropping back to non-root privileges:
setresuid(ruid, ruid, -1);
i.e. we let the saved user-id keep the root information, and manipulate the realuid and euid values toggling between root/non-root
