If B is itself running with its <i>effective user ID</i> different from its <i>real user ID</i>
then C will run without the authority stemming from B’s effective user ID.
More simply, a process can wear just one hat at an instant but can carry, two, but only two!
<p>
There are group IDs as well as user IDs but there we stop.
I find it difficult to design security solutions with these additional mechanisms for their allocation is already likely to have been set for other purposes.
In any case the dynamic nature of the required protection domains would seem to require dynamic allocation of user IDs and group IDs.
This is likely to be a can of worms.