If you’ve ever written a setuid program and thought about the security implications, you’ll know that it is a messy job to get straight. I’ve been reading a very interesting article by Tsafir, da Silva and Wagner called The Murky Issue of Changing Process Identity: revising “setuid de-mystified” in the March 2009 UKUUG newsletter. The authors unravel the non-portable mess that set*id functions are, and present a layer of abstraction to help us mortals to get to grips with the issues. Source code is available as well as the article itself.