Suid binaries were a bad idea and should be removed anyways.
They're elegant at first glance, it's just that the attack surface of "exec this other program" turns out to be enormous. E.g., you wouldn't necessarily think that you'd have to clean out all environment variables, but what if your program is linked to some library that tries to parse some obscure environment variable and that parser has a bug? And the list goes on.
The alternative is sending messages to daemons, but as it turns out, the attack surface of those is pretty large too, albeit not as large as setuid.
The whole "do some work on my behalf with elevated privs" is not exactly a solved problem in Unix.
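The environment-cleaning concern raised in the comment above, as an added example that is not part of the thread: a privileged helper rebuilding its environment from an allowlist instead of trying to strip known-bad variables. The allowlist, the fixed PATH, the value rules and the sample environment are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: the only variables this helper needs from its caller. */
static const char *const ALLOWED[] = { "LANG", "LC_ALL", "TERM" };
#define N_ALLOWED (sizeof ALLOWED / sizeof ALLOWED[0])
#define FIXED_PATH "PATH=/usr/bin:/bin"

/* A value is inherited only if it is short and free of '/', '%' and control
 * bytes, so a kept variable cannot name a file or carry a format string. */
static int value_ok(const char *v)
{
    size_t n = strlen(v);
    if (n == 0 || n > 64) return 0;
    for (size_t i = 0; i < n; i++)
        if (v[i] == '/' || v[i] == '%' || (unsigned char)v[i] < 0x20 || v[i] == 0x7f)
            return 0;
    return 1;
}

/* Returns a NULL-terminated array suitable as the envp argument of execve().
 * Entries point into envp (plus one literal); the caller frees the array only.
 * Anything not allowlisted is dropped, including variables that only some
 * linked library knows how to parse. */
char **build_clean_env(char *const envp[])
{
    char **out = calloc(N_ALLOWED + 2, sizeof *out);
    size_t k = 0;
    if (!out) return NULL;
    out[k++] = (char *)FIXED_PATH;      /* never inherit the caller's PATH */
    for (size_t a = 0; a < N_ALLOWED; a++) {
        size_t len = strlen(ALLOWED[a]);
        for (size_t i = 0; envp && envp[i]; i++) {
            if (strncmp(envp[i], ALLOWED[a], len) != 0 || envp[i][len] != '=') continue;
            if (value_ok(envp[i] + len + 1)) out[k++] = envp[i];
            break;                      /* only the first definition is considered */
        }
    }
    return out;                         /* out[k] is NULL because of calloc */
}

int main(void)
{
    /* Constructed sample environment, not taken from a real system. */
    char *sample[] = { "LD_PRELOAD=/tmp/x.so", "LANG=en_US.UTF-8", "PATH=/tmp/bin", "TERM=../x", NULL };
    char **env = build_clean_env(sample);
    for (size_t i = 0; env && env[i]; i++) puts(env[i]);
    free(env);
    return 0;
}
```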