Subject: Re: Addition to force open to open only regular files
To: Bill Studenmund <wrstuden@zembu.com>
From: Jaromír Dolecek <dolecek@ics.muni.cz>
List: tech-kern
Date: 11/20/2000 19:44:39

Bill Studenmund wrote:
> The difference is not that it can be less aware, but that it has no idea
> what has happened to the ids - it can't assume it is running at lower
> privileges, whereas a set-ID program should have a good idea what
> privileges it is running at.

We don't need to care about whose privilege is "higher". We only
need to ensure that potentially exploitable things are done
with the id of the user who executed the program.

Jaromir
-- 
Jaromir Dolecek <jdolecek@NetBSD.org>      http://www.ics.muni.cz/~dolecek/
@@@@  Wanna a real operating system ? Go and get NetBSD, damn!  @@@@
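
The approach described in the message above, sketched in userland as an added example (not part of the original post and not NetBSD code): a set-ID program opens a file with the id of the user who executed it and accepts only a regular file. `open_as_invoker()` is a hypothetical helper; it assumes POSIX saved set-user-ID semantics and handles only the user id, not the group id.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (added example). Opens path read-only with the id of
 * the invoking user and accepts it only if it is a regular file.
 * Returns a descriptor, or -1 with errno set. */
int open_as_invoker(const char *path)
{
    uid_t saved_euid = geteuid();
    struct stat st;
    int fd, err;

    /* Do the potentially exploitable step as the real (invoking) user. */
    if (seteuid(getuid()) == -1)
        return -1;

    /* O_NONBLOCK: do not hang on a FIFO or device before the type check. */
    fd = open(path, O_RDONLY | O_NONBLOCK);
    err = errno;

    /* Regain the set-ID privilege; continuing in an unknown state is unsafe. */
    if (seteuid(saved_euid) == -1)
        abort();
    if (fd == -1) { errno = err; return -1; }

    /* Check the descriptor, not the path, so the file cannot be swapped
     * between the check and the use. */
    if (fstat(fd, &st) == -1) { err = errno; close(fd); errno = err; return -1; }
    if (!S_ISREG(st.st_mode)) { close(fd); errno = EINVAL; return -1; }
    return fd;
}

int main(int argc, char **argv)
{
    int fd;
    if (argc != 2) { fprintf(stderr, "usage: %s file\n", argv[0]); return EXIT_FAILURE; }
    fd = open_as_invoker(argv[1]);
    if (fd == -1) { perror(argv[1]); return EXIT_FAILURE; }
    printf("%s: regular file, opened as uid %ld\n", argv[1], (long)getuid());
    close(fd);
    return EXIT_SUCCESS;
}
```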