On Wed, 19 Nov 1997, Scott Reynolds wrote:

> > Why does a non-suid program need a security sweep anyway?
> 
> oh, i don't know.  you've said it yourself; you can't see the security
> hole, but does that mean it's not there?

It's all a matter of confidence and past experience, isn't it? How
many bugs causing comprimise of another account have come from
badly written suid programs in the past five years? How many from
badly written non-suid programs? It doesn't take a genius to figure
out where the problem lies here.

cjs

Curt Sampson    cjs@portal.ca	   Info at http://www.portal.ca/
Internet Portal Services, Inc.	   Through infinite myst, software reverberates
Vancouver, BC  (604) 257-9400	   In code possess'd of invisible folly.