Guide to writing secure setuid programs?

[Prentiss Riddle]

There's been a recent flurry of discussion in comp.bugs.sys5 about a
few specific security pitfalls to avoid in writing setuid programs.  I
get the feeling that this is just the tip of the iceberg. 

Can anyone point us to a more comprehensive guide to how to write good
setuid programs?  If you've got something on-line, please consider
posting it; if you know of good book or journal references, please mail
them to me and I will summarize. 

And if nothing of this sort exists, perhaps it's time to write one. 
Thanks. 

-- Prentiss Riddle ("Aprendiz de todo, maestro de nada.")
-- Opinions expressed are not necessarily those of my employer.
-- riddle%woton.uucp at im4u.utexas.edu  {ihnp4,uunet}!ut-sally!im4u!woton!riddle