"In the opinion of the GTK+ team, the only correct way to write a
setuid program with a graphical user interface is to have a setuid
backend that communicates with the non-setuid graphical user interface
via a mechanism such as a pipe and that considers the input it
receives to be untrusted." More at LWN.net.
January 3, 2001