I have read many questions and answers about how the setuid bit works and about how sudo works, and I think I have understood that stuff.
However, I couldn't find out what should happen when a program is executed via sudo if that program itself has the setuid bit set. The question is best explained by an example:
On the system in question, there is a user called user1. The system has sudo installed and configured correctly so that the root user can execute programs as whichever different user he wants. Furthermore, there is a program /usr/bin/exampleprog which is owned by root:wheel and has the setuid and setgid bits set:
root@morn ~ # dir /usr/bin/exampleprog
-rwsr-sr-x 1 root wheel 92K 2017-11-16 23:42 /usr/bin/exampleprog
Now I login as root and execute the following command:
root@morn ~ # sudo -u user1 /usr/bin/exampleprog
What happens nowthen? Does exampleprog run as user1 (as could be expected from the options given to sudo), or does it run as root (because the executable is owned by root and has its setuid bit set)?
To make things more complicated, there is an additional program /usr/bin/wrapper, also owned by root:wheel, but without the setuid and setgid bits:
root@morn ~ # dir /usr/bin/wrapper
-rwxr-xr-x 1 root wheel 15K 2017-11-16 23:42 /usr/bin/wrapper
The wrapper program, when being executed, at some point executes (spawns) /usr/bin/exampleprog.
Now I execute:
root@morn ~ # sudo -u user1 /usr/bin/wrapper
When wrapper spawns exampleprog, will the latter run as user1 or as root?