[chasil]

On this, you must understand the original "poverty of UNIX," in that it originated on a 16-bit PDP-11.

There was no room in that environment for a running service to elevate privilege, so it was implemented as a kernel system call.

This poverty meant that efficiency was required, and setuid was the most efficient mechanism.

It was a reasonable and efficient mechanism for its time, and it has successfully scaled to the realm of modern supercomputers, and remains efficient on the lowliest of embedded systems.

Maybe there was a more secure option bearing in mind of all the places that UNIX was forced to go, but I cannot think of one.