Oh, and I just realized that if a system were to do this for all setuid binaries,
then it would be very important for the linker to treat these "enhanced capability"
programs just as it would setuid/setgid programs... Ie: don't allow $LD_PRELOAD
and such... Otherwise, of course, it would be trivial for anyone to gain their
enhanced capabilities... Which, while not as bad as gaining root, is still not
something you want to make trivially easy to do...