by vbezhenar 1325 days ago
There must not be a single suid program in a safe system. The concept of the suid bit is flawed and nothing but a hack. You can build sudo-like functionality using ssh @localhost and an additional root user with a special shell.
4 comments

That to me sounds like moving the problem from a privileged binary to a privileged daemon and putting a network stack in the middle. I don’t see how it solves anything. Any way you can secure sshd you can probably apply to the suid binary as well.
This requires enabling being able to log in as root, which I'd rather not enable.
And that sshd server is running as root, which is really just the same as setuid except with extra steps.
To be honest, your solution sounds far more hacky than a suid bit. A suid bit is effectively just a mechanism to implement privileged access in user space. I don’t see what’s hacky about that.