There is probably a good case to be made that setuid is more
security then a random service that can setup
processes into different cgroups/namespaces, security zones.
setuid allows you to maintain the fork() exec() model, and keep
On 05/06/2016 01:49 PM, Muayyad AlSadi
why setuid? why not just do the non-privileged part,
then fire a dbus event to some root service to do the
privileged part of adding network config. (and uses policy
kit to validate the request).
or a root daemon that do the privileged part of network
so in summary
an unprivileged user tool that do every possible thing (except
it then fires a dbus event or a request to privileged daemon
"please configure network on this please"