I have heard a lot about setuid/setgid being evil, bad, and dangerous to mess with. This seems obvious enough when one is talking about using them to elevate privileges. But what about for reducing privileges? I realize this is mostly academic, because GTK programs refuse to run when setuid/setgid... But wouldn't running an internet-facing program as setuid and setgid nobody (or better yet, setuid/setgid as its own unprivileged user) be an effective way of automatically sandboxing it? Especially on single-user systems?
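An added example (not part of the original post) that models the point this question turns on: the credentials a set-user-id binary gets when an ordinary, non-root user runs it. After exec, the real uid stays the invoking user's, while the effective and saved set-user-ids become the file owner's (for example `nobody`). Under the POSIX/Linux rule for unprivileged processes, `setuid()` succeeds for any uid among the real, effective or saved ids, so a process running as "nobody" in this way can call `setuid(getuid())` and become the invoking user again. The helper functions below encode that rule and show how `setresuid(e, e, e)` makes the drop permanent. Uids 1000 (invoker) and 65534 (file owner) are constructed sample values; the functions model the unprivileged (no `CAP_SETUID`) case only.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/* Real, effective and saved set-user-id of a process. */
typedef struct { uid_t ruid, euid, suid; } uid_triple;

/* Rule for an *unprivileged* process (no CAP_SETUID): setuid(target) succeeds only if
   target equals the real, effective or saved set-user-id. */
int may_setuid_to(uid_triple ids, uid_t target) {
    return target == ids.ruid || target == ids.euid || target == ids.suid;
}

/* 1 if the process can return to the uid that invoked it: the effective uid differs from
   the real uid, and the real uid is still in the switchable set. */
int can_regain_real_uid(uid_triple ids) {
    return ids.euid != ids.ruid && may_setuid_to(ids, ids.ruid);
}

/* Credential state after a user with uid `invoker` execs a set-user-id binary owned by
   `owner`, neither being root: ruid unchanged, euid and saved uid set to the owner. */
uid_triple after_setuid_exec(uid_t invoker, uid_t owner) {
    uid_triple t = { invoker, owner, owner };
    return t;
}

/* Permanent drop: setresuid(e, e, e) is allowed to an unprivileged process because each new
   value equals one of the current three ids. Afterwards the invoking uid is no longer in
   the set, so it cannot be regained. */
uid_triple make_drop_permanent(uid_triple ids) {
    uid_triple t = { ids.euid, ids.euid, ids.euid };
    return t;
}

int main(void) {
    /* Constructed sample: uid 1000 runs a binary that is set-user-id 65534 (assumed nobody). */
    uid_triple ids = after_setuid_exec(1000, 65534);
    printf("after exec: ruid=%u euid=%u suid=%u, can regain real uid: %s\n",
           (unsigned)ids.ruid, (unsigned)ids.euid, (unsigned)ids.suid,
           can_regain_real_uid(ids) ? "yes" : "no");

    ids = make_drop_permanent(ids);
    printf("after setresuid(e,e,e): ruid=%u euid=%u suid=%u, can regain real uid: %s\n",
           (unsigned)ids.ruid, (unsigned)ids.euid, (unsigned)ids.suid,
           can_regain_real_uid(ids) ? "yes" : "no");

    /* The live process: report its own ids and whether a way back exists. */
    uid_triple live;
    if (getresuid(&live.ruid, &live.euid, &live.suid) == 0) {
        printf("this process: ruid=%u euid=%u suid=%u, can regain real uid: %s\n",
               (unsigned)live.ruid, (unsigned)live.euid, (unsigned)live.suid,
               can_regain_real_uid(live) ? "yes" : "no");
    }
    return 0;
}
```

The takeaway for the question is that the file-mode bit alone does not sandbox anything: the program itself (or code injected into it) can switch back to the invoking user until it has set all three ids, and it still inherits that user's open file descriptors and environment. A service that actually wants to run as its own unprivileged account normally does so in the program with `setresuid()`/`setresgid()` (or via the init system), not through the set-user-id bit on the executable.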