> Wow.  Hadn't even *thought* of those.  Yes, that's a pretty good motivation
> for not permitting chown to users, from an administrative point of view.
 * 	(1) somebody doesn't have a mail spool file, on a system where
 * 	(2) certain editors (vi, ex) will use a "local" configuration

Well, the flip side of the coin here is that had Berkeley not invented
the notion of refusing to allow users to chown files, these bad design
decisions never would have been made (or would have lasted only until
the first misuse).

One useful question for judging how much of a hole chowning files _really_
is would be to ask how many security breaches in System V systems involve
chown.  I would suspect few to none (probably chiefly involving attempts
to administer the system as if it were protecting you from these errors).