RealUID, Saved UID, Effective UID. What's going on?

Question

This is a set-root-uid program

$ls -l
-rwsr-sr-x 1 root root 7406 2011-12-13 22:37 ./x*

The source code:

Answer 1

O! These functions are difficult to use correctly.

The man page states that setuid will change the real,saved and effective uid. So after the calling setuid(1000), all three change to 1000.

That is the case if and only if you are euid 0. At the time you call setuid(0), however, you are euid 1000 and saved uid 0 (check getresuid(2), for example). That's why you're able to regain privileges.