> > Because we have it for standards compliance, we'd like to keep it. We'd
> > also like to make life with it safe.
> 
> Is there any standard defining them ?

Single UNIX Specification Version 2, at least.

But what I'm recommending is not removing setreuid(2) and setregid(2)
from libc and kernel (this cannot be done without changing libc major number),
but removing reference to setreuid(2) and setregid(2) from our
applications just like removing reference to gets(3).

Thus, this should not be a problem about standard conformance.

(And removing reference to getreuid(2) and getregid(2) from basesrc
 is already done by mycroft.)

P.S.
As Matt mentioned, NetBSD doesn't confirm to POSIX.1 about setuid-non-root
program behaviour of setuid(2), and never will conform to POSIX.1 about
this due to the behaviour of NetBSD is more secure than POSIX.1.
--
soda