Of course, any program can be installed setuid simply by flipping on the setuid bit in the file's permission mask. From this perspective, setuid-ness is just a property of the file system.
Of course, that's silly. If you go around simply turning on the setuid bit on more or less random applications, you may as well write down the root password on a Post-it note and stick it to the underside of the keyboard. Typically, a program is installed setuid because it requires special privilege, e.g. in order to manipulate certain files (as we saw in the case of passwd), or because it needs to invoke a system call that requires special privilege. For instance, the ping application needs to create a special socket that only the root user is allowed to create.
Writing setuid or setgid applications is really a design issue. There must be a very compelling need to create a setuid program, because each additional "s" bit on your system increases the risk to your security. In addition, parts of the overall application that is supposed to use the setuid component must be designed around this setuid helper.
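Because setuid-ness is only a bit in the file's mode, the set of "s" files on a system can be enumerated and compared against a reviewed list. The script below is an added example, not code from the original text; the function names, the default directory and the baseline paths are assumptions chosen for illustration.

```python
import os
import stat
import sys


def find_s_bit_files(root):
    """Return sorted (path, mode, uid, flags) for regular files under root
    with the setuid or setgid bit set. Symbolic links are not followed."""
    found = []
    for dirpath, _dirs, names in os.walk(root, followlinks=False):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # file vanished or is unreadable
            if not stat.S_ISREG(st.st_mode):
                continue
            flags = []
            if st.st_mode & stat.S_ISUID:
                flags.append("setuid")
            if st.st_mode & stat.S_ISGID:
                flags.append("setgid")
            if not flags:
                continue
            # An "s" file that group or others can rewrite hands out its privilege.
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                flags.append("writable")
            found.append((path, stat.S_IMODE(st.st_mode), st.st_uid, flags))
    return sorted(found)


def unexpected(found, baseline):
    """Keep only entries whose path is not in the reviewed baseline set."""
    return [entry for entry in found if entry[0] not in baseline]


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/usr/bin"
    # Constructed baseline for illustration; keep the real one under review.
    baseline = {"/usr/bin/passwd", "/usr/bin/ping"}
    for path, mode, uid, flags in unexpected(find_s_bit_files(root), baseline):
        print(f"{mode:04o} uid={uid} {','.join(flags)} {path}")
```

Every path it prints is an "s" bit nobody has signed off on, and any entry flagged `writable` deserves attention first.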
We will return to setuid program design issues in a later chapter. For now, let's highlight common pitfalls when writing setuid applications, and how to avoid them.