Subject: Re: Addition to force open to open only regular files
To: None <greywolf@starwolf.com>
From: Jaromír Dolecek <dolecek@ics.muni.cz>
List: tech-kern
Date: 11/23/2000 06:32:06
Greywolf wrote:
> I think that the deletion of either or both set*uid or the saved-set-id
> mechanisms, based on a demagogical choice as presented, would be a mistake.
> It would be a complete rewrite of the paradigms which, collectively, define
> what a *NIX-like OS is.

Note we talk about setr*[ug]id(), not set*id() generally - the idea
being that suid/sgid programs don't need to change the real id as long as they
can change the effective id temporarily via sete[ug]id(), or drop extra privileges
altogether via setuid()/setgid().

setr*[ug]id() don't offer any useful semantics not achievable via
other set*[ug]id() and make things difficult for those library routines
which need to know the original real id in order to be able to do exploitable
things with the id of the user who runs the binary.

Jaromir
-- 
Jaromir Dolecek <jdolecek@NetBSD.org>      http://www.ics.muni.cz/~dolecek/
@@@@  Wanna a real operating system ? Go and get NetBSD, damn!  @@@@
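
Added example, not part of the original message or of NetBSD's code: the pattern the message describes, where sete[ug]id() switches the effective id temporarily, setgid()/setuid() drop privileges for good, and the real id is never written. The names struct priv, priv_suspend, priv_resume and priv_drop are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* for seteuid()/setegid() prototypes */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: the privileged effective ids a set-id program started with. */
struct priv { uid_t euid; gid_t egid; };

/* Temporary drop: effective ids become the real ids. The real ids are never
 * written, and the saved set-ids keep the privileged values for priv_resume(). */
int priv_suspend(struct priv *p) {
    p->euid = geteuid();
    p->egid = getegid();
    /* Group first, while the effective uid is still the privileged one. */
    if (setegid(getgid()) != 0 || seteuid(getuid()) != 0) return -1;
    return (geteuid() == getuid() && getegid() == getgid()) ? 0 : -1;
}

/* Regain the privileged effective ids from the saved set-ids. */
int priv_resume(const struct priv *p) {
    if (seteuid(p->euid) != 0 || setegid(p->egid) != 0) return -1;
    return (geteuid() == p->euid && getegid() == p->egid) ? 0 : -1;
}

/* Permanent drop: group, then user, then check that the old ids cannot be
 * regained. Call with privileges resumed. Returns -1 (fails closed) on systems
 * where setuid() by a non-root process leaves the saved set-user-ID intact. */
int priv_drop(const struct priv *p) {
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    if (setgid(rgid) != 0 || setuid(ruid) != 0) return -1;
    if (p->egid != rgid && setegid(p->egid) == 0) return -1;
    if (p->euid != ruid && seteuid(p->euid) == 0) return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

int main(void) {
    struct priv p;
    if (priv_suspend(&p) != 0) { perror("suspend"); return 1; }
    printf("suspended: ruid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    if (priv_resume(&p) != 0) { perror("resume"); return 1; }
    if (priv_drop(&p) != 0) { fprintf(stderr, "privileges not fully dropped\n"); return 1; }
    printf("dropped: ruid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    return 0;
}
```

Run from an ordinary binary, every call is a no-op that succeeds; the id transitions only become visible when the binary is installed set-uid or set-gid. getuid() returns the invoking user at every point, which is what a library routine relies on.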