non-superuser chown(2)s considered harmful

[Tom Christiansen]

In article <1990Dec11.005644.20688 at cbnewsk.att.com> hansen at pegasus.att.com (Tony L. Hansen) writes:
>The mail(1) command uses chown(2) and set-gid to give a secure mail system. I
>feel that other methods are fraught with potential security holes.

It doesn't on a BSD system, and you're right, this has been the source
of many security holes.  Whether we've finally solved them all or not 
is unknown.  

--tom
--
Tom Christiansen		tchrist at convex.com	convex!tchrist
"With a kernel dive, all things are possible, but it sure makes it hard
 to look at yourself in the mirror the next morning."  -me