On the Correctness of Set-User-ID programs

[utzoo!decvax!ucbvax!unix-wizards]

>From JNC at MIT-XX Tue Aug 25 10:53:05 1981
	This is precisely the situation in which groups are useful.  I
use them all over to simulate protected domains (I take it that you
all understand this concept?), since there are plenty of spare gid's.
There is entirely too much software in UNIX that runs setuid to root;
I bet I could get it down (with a little finagling, such as a second
uid with less built in priviledges for things like mkdir) to almost
nothing if I were really concerned about it on my system.
-------