[arp242]

> IMO. suid feature is huge security hole.

As opposed to running background processes as root...?

This is just mindless dogma at this point. You're going to need something to elevate permissions, and setuid is as good of a scheme as any. ssh or run0 are not magic and just as "vulnerable" as setuid or anything else. Any of these schemes are "security holes" if you abuse it.

[herczegzsolt]

The argument is, that in case of sudo, the caller (potential attacker) controls the environment. In many cases, software or libraries are not made with a hostile environment in mind. Think of LD_PRELOAD or PATH ...

When there's a daemon running in the background, the attack surface is more commonly understood. The environment is not under attacker control.

Libraries rarely treat data from socket as "trusted" but often blindly trust environment variables, or stdin/stdout/stderr.

[arp242]

That has nothing to do with setuid, and is a very different argument from an unqualified "suid feature is huge security hole."

sudo etc. already clear much of the environment. And you're going to want to keep some of it because people expect "sudo foo" to work (which you can't do without PATH).