The trouble with symbolic links

The trouble with symbolic links

Another reason to be biased against SUID is that it's a quick solution to the problem of users not having root access to the entire machine.

There are three different ways to run something as root on a Linux-like system (assuming that you've got an ordinary user account):

1. Get someone to log in as root and run the command directly for you.
2. Send a message over a suitable transport to something that runs the process for you - AF_UNIX sockets, SSH to localhost or similar, authenticating you and deciding whether you can do that.
3. Get someone to make the command SUID and run it yourself.

The first is a non-starter if you're not trusted with root yourself - the coordination to keep someone with root access around is a pain.

The second involves more code. You have to have something running that can make the policy decisions based on a string sent to it, and then execute the process for you. There's also complexity around transferring "enough" environment state to the privileged process, and transferring results back.

The third is easy. Most of your SUID process's state is the same as it would have if it wasn't SUID, except for a few "minor" bits here and there (and this list of things is growing as we find security holes that cannot be fixed except by resetting state).

Ideally, everyone would bother to do the second option for things that need to be privileged - but that's a lot of work, and SUID is a "neat hack" that means you don't need to do it.