Subject: re: Addition to force open to open only regular files
To: None <dolecek@ibis.cz, mrg@eterna.com.au>
From: Noriyuki Soda <soda@sra.co.jp>
List: tech-kern
Date: 11/13/2000 19:05:50
matthew green wrote:
>    > you're asking that the library trust its caller.  that will never be
>    > the case....as much as we would like it to be.
>    
>    Why not ? Clearly I'm missing something obvious.
> 
> quite simply the library has *NO IDEA* who called it.  trust can't exist.

But we can declare that if a program calls setreuid(2), then the program
is broken, just as programs which call gets(3) are broken.

All programs which currently use setreuid() can be converted to use the
saved-uid feature, and saved-uid is more appropriate than setreuid(2),
because saved-uid can make the program secure with respect to some library
features ($HOSTALIASES is just one such library feature).

IIRC, Charles said that this is the way to go...
And I agree with him.
--
soda