Writing Safe Setuid Programs

Why is this hard? A few reasons:

• a "bug" here can endanger the system
• programs interact with system, environment, one another in sometimes unexpected ways
• assumptions which are true or irrelevant for regular programs aren't for these