Good suggestions. Also keep in mind that you don't always suid to root. You can also suid to another user (which seems to be the case here).
Sure. Just like login does.
Actually, want I would really like to see is the ability to mark certain sections of code to be ran as another user, but to do this marking at build time rather than using a elevation and de-elevation algorithm. This avoids the problem of someone being able to in non-elevated mode call elevate, as the code was immutabley marked at build time to run at whatever privilige level it was set too.
This is not UNIX's current model, and it might just be a half-brained idea, but it seems to me it would get past the major weaknesses of setuid programs.
Cheers...james