Subject: re: Addition to force open to open only regular files
To: Noriyuki Soda <soda@sra.co.jp>
From: matthew green <mrg@eterna.com.au>
List: tech-kern
Date: 11/13/2000 21:18:24
   
   But we can declare that if a program calls setreuid(2), then the program
   is broken just like programs which call gets(3) are broken.

i really don't agree with this.

	- gets(3) is almost impossible to use sanely.  one must have complete
	control over both the reader & writer, and this has probably never been
	the case for any gets(3) using program.

	- setr*id() is easy to use safely, and has been used safely in programs
	for N years.

going down this road just seems like another hack-solution to me... (but
aren't they all?  sigh.)


but on the other hand:

	- seteuid() based saved-ids are, from what i've seen, the best way
	to manage these privileges sanely.


so i would of course completely agree with converting all programs to use
seteuid()-style code.  the next step would be to remove setr*id() and bump
the libc major finally!


.mrg.
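
The seteuid()-style saved-id pattern discussed in this message, as an added example that is not part of the original post or of any NetBSD code. The helper names (priv_init, priv_raise, priv_lower, priv_open) and the /dev/null sample path are assumptions made for illustration; the real uid is never changed, and every switch is checked with geteuid().

```c
#include <sys/types.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

static uid_t priv_uid;  /* effective uid at exec time: the file owner for a set-uid binary */

/* Call before anything else: remember the privileged uid, then run as the
 * invoking user.  The kernel keeps priv_uid as the saved set-user-ID. */
int priv_init(void)
{
    priv_uid = geteuid();
    return seteuid(getuid());
}

/* Switch the effective uid and confirm the switch really happened. */
static int switch_euid(uid_t uid)
{
    if (seteuid(uid) != 0)
        return -1;
    return geteuid() == uid ? 0 : -1;
}

int priv_raise(void) { return switch_euid(priv_uid); }
int priv_lower(void) { return switch_euid(getuid()); }

/* Open an existing file with privilege held only across the open(2) call. */
int priv_open(const char *path, int flags)
{
    int fd, saved_errno;

    if (priv_raise() != 0)
        return -1;
    fd = open(path, flags);
    saved_errno = errno;
    if (priv_lower() != 0) {    /* still privileged: report failure, leak nothing */
        if (fd >= 0)
            close(fd);
        return -1;
    }
    errno = saved_errno;
    return fd;
}

int main(void)
{
    if (priv_init() != 0)
        return 1;
    int fd = priv_open("/dev/null", O_RDONLY);  /* constructed sample path */
    printf("fd=%d euid=%d ruid=%d\n", fd, (int)geteuid(), (int)getuid());
    return fd >= 0 ? 0 : 1;
}
```

A caller that gets -1 from priv_lower() or priv_open() cannot tell which uid it is running as and should exit rather than carry on.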