Purpose: to investigate issues relating to writing set-userid Tk applications.

Here's a simple set-userid application that I'm using as a demonstration of the machinations one has to go through to get this stuff to work..

 $ cat setuid.sh
 #! /bin/sh
 
 /usr/tcl83/bin/tclsh /home/lwv26/setuid.tcl

 $ cat setuid.tcl
 #!/bin/sh
 # \
 exec /usr/tcl83/bin/tclsh "$0" ${1+"$@"}
 
 package require Tclx
 set i [info loaded]
 puts $i

 set efd1 [open "/tmp/effective" "w"]
 puts $efd1 "output"
 close $efd1

 # A file owned by the effective user id was just created
 # Now, change users so that Tk can be done.
 
 set effective [id effective userid]
 set real [id  userid ]

 puts "Before: realid = $real  effectiveid = $effective"
 id userid $real
 puts "After: realid = $real  effectiveid = $effective"

 load /usr/tcl83/lib/libtk8.3.so
 proc quitApp { args } {
        puts [format "%s" $args]
 }
 
 set res [wm protocol . WM_DELETE_WINDOW quitApp]
 
 puts $res
 button .b -text 0 -command {.b config -text [expr [.b cget -text]+1]}
 pack   .b ;#RS
 vwait forever
 puts "All done now"
 

 $ su differentuid
 Password: 
 % chmod 4755 setuid.sh
 $
 $ /home/lvirden/setuid.sh
 Before: realid = 203  effectiveid = 3750
 After: realid = 203  effectiveid = 3750

followed by the appearance of a button.  Attempts to close out the button
just result in output to stdout and the button continuing.

----

I'd love to hear from you on what else I need to consider, and how we
could make this much less painful.