Subject: Re: Addition to force open to open only regular files
To: matthew green <mrg@eterna.com.au>
From: Warner Losh <imp@village.org>
List: tech-kern
Date: 11/27/2000 23:39:59

In message <15723.975368734@eterna.com.au> matthew green writes:
:    
:    In other words, given the mechanism we have now in the various BSDs,
:    EVERY SETUID PROGRAM SHOULD BEGIN WITH:
:    
:    	seteuid(getuid());
: i completely agree with this.  i'd just like to note that it doesn't stop
: buffer overflow attacks as the "shell code" can just call setuid(0) before
: it calls exec....


Ah, but there are two problems here.  One is the buffer overflow
problem, and the other is opening the wrong file problem.  You'll
likely never completely solve the buffer overflow problem short of
solving buffer overflows (which is an API change for many APIs and a
migration to the new safe API, or interesting compiler tricks).

The thing that started this whole mess is easy to solve and solutions
have been posted.

Warner
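
Added example, not part of the original message or of any BSD source: a userland sketch of the two measures discussed in this thread, dropping the effective uid at startup and refusing to use anything that is not a regular file. The names drop_euid() and open_regular() and the choice of EINVAL as the error are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: temporarily drop to the invoking user's uid.
 * The saved set-user-ID is kept, so this guards file access made on the
 * user's behalf but does not contain injected code (the point made in
 * the quoted text). */
static int drop_euid(void)
{
    return seteuid(getuid());
}

/* Hypothetical helper: open path read-only and hand back the descriptor
 * only if it refers to a regular file; otherwise return -1. */
static int open_regular(const char *path)
{
    struct stat st;
    /* O_NONBLOCK keeps open() from hanging on a FIFO. It cannot undo
     * side effects a device driver performs at open time, which is why
     * an in-kernel check was being discussed. */
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* Check the descriptor, not the path, so the object cannot be
     * swapped between the check and the use. */
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;   /* assumption: error code chosen for the example */
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    if (drop_euid() < 0) { perror("seteuid"); return 1; }
    if (argc < 2) { fprintf(stderr, "usage: %s file\n", argv[0]); return 2; }
    int fd = open_regular(argv[1]);
    if (fd < 0) { perror(argv[1]); return 1; }
    printf("%s: regular file, fd %d\n", argv[1], fd);
    close(fd);
    return 0;
}
```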