Subject: Re: Addition to force open to open only regular files
To: None <tech-kern@netbsd.org>
From: Noriyuki Soda <soda@sra.co.jp>
List: tech-kern
Date: 12/01/2000 04:55:24
Greg Woods wrote:
> NetBSD is *not*, by design, more secure than POSIX.1.  !!!!
> 
> The fact that a setuid-non-root process can forever give up its
> privileges makes little, or no, difference in the end.

Thanks for your comment.
But the original 4.4BSD developers didn't think so; that's why the 4.4BSD
semantics are different from the POSIX semantics.
And Charles M. Hannum, Matthew Green and other NetBSD developers don't
think so, either.

> Su only uses setuid(), not seteuid() or setreuid().  I've never
> seriously proposed changing setuid(2).

If you won't change setuid(2), a buffer overrun attack is still possible;
thus, open_as() didn't make the system secure.
--
soda
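The point the two messages disagree on, whether setuid(2) in a setuid-non-root program leaves a saved uid behind that injected code can switch back to, can be checked directly from the program itself. The following is an added illustration, not code from this thread or from NetBSD's source: it drops to the real uid and then tries to regain the old effective uid, which is exactly what an attacker's payload would do after a buffer overrun. The function and enum names are the example's own. It only shows something when installed set-user-id to a non-root account and run by a different user; under 4.4BSD/NetBSD semantics the regain attempt fails with EPERM, under strict POSIX.1 semantics (Linux behaves this way for a non-zero euid) it succeeds, because setuid() there changed only the effective uid.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Outcome of an attempted permanent privilege drop (example's own naming). */
enum drop_result {
    DROP_NOTHING_TO_DROP = 0,  /* real uid == effective uid: not running setuid */
    DROP_PERMANENT = 1,        /* dropped, and the old euid could not be regained */
    DROP_REVERSIBLE = -1,      /* dropped, but seteuid() got the old euid back */
    DROP_FAILED = -2           /* setuid() failed, or regain failed for an odd reason */
};

const char *drop_result_name(enum drop_result r)
{
    switch (r) {
    case DROP_NOTHING_TO_DROP: return "nothing-to-drop";
    case DROP_PERMANENT:       return "permanent";
    case DROP_REVERSIBLE:      return "reversible";
    default:                   return "failed";
    }
}

/*
 * Drop a setuid program's elevated effective uid back to the real uid, then
 * verify the drop cannot be undone.  The verification is the whole point:
 * if the saved uid still holds the old privilege, a later buffer overrun can
 * call seteuid(saved) itself, and nothing the program did beforehand helps.
 * For a setuid-ROOT program both semantics clear all three uids; the
 * difference the thread argues about only shows with a non-root euid.
 */
enum drop_result drop_privileges_permanently(void)
{
    uid_t ruid = getuid();
    uid_t euid = geteuid();

    if (ruid == euid)
        return DROP_NOTHING_TO_DROP;

    if (setuid(ruid) != 0)
        return DROP_FAILED;

    /* Try to do what an attacker's payload would do. */
    errno = 0;
    if (seteuid(euid) == 0) {
        /* The privilege came back: the saved uid survived setuid().
         * Step back down so the caller is not left elevated. */
        (void)seteuid(ruid);
        return DROP_REVERSIBLE;
    }
    /* EPERM is the expected refusal; treat anything else conservatively. */
    return errno == EPERM ? DROP_PERMANENT : DROP_FAILED;
}

int main(void)
{
    long before_r = (long)getuid(), before_e = (long)geteuid();
    enum drop_result r = drop_privileges_permanently();

    printf("before: ruid=%ld euid=%ld  after: ruid=%ld euid=%ld  drop=%s\n",
           before_r, before_e, (long)getuid(), (long)geteuid(),
           drop_result_name(r));

    if (r == DROP_REVERSIBLE || r == DROP_FAILED) {
        fprintf(stderr, "refusing to continue: privilege drop is not permanent\n");
        return EXIT_FAILURE;
    }
    return EXIT_SUCCESS;
}
```

To observe the difference, build it, chown it to an unprivileged account, chmod u+s, and run it as some other user; run as an ordinary non-setuid binary it reports "nothing-to-drop". A program that wants 4.4BSD-style behaviour portably has to treat "reversible" as a fatal condition rather than assume setuid(getuid()) was enough.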