Retaining file permissions

[Dan Bernstein]

Rather than thinking about security holes, think about user mistakes. If
the kernel turns off the setuid bit upon write, it is much less likely
for a setuid program to be accidentally corrupted than it would be
otherwise. End of discussion.

(User mistakes aren't always the end of the story; sometimes you have to
consider denial-of-service attacks before you see why something reduces
security. But this case is relatively simple.)

---Dan