
Where do you want to go tomorrow?

Both sendmail and sliplogin are accidents waiting to happen, in my opinion. Of course, current versions are immune to known attacks. But sendmail's sheer size makes it quite probable that whatever class of security problems is discovered next year will also afflict sendmail. And invoking the shell from a setuid application such as sliplogin is also flirting with disaster - the shell is a powerful thing, and it wasn't exactly designed with security in mind. Otherwise harmless memory bugs in /bin/sh can turn into a liability with applications like sliplogin.

However, I believe that it'll take quite a while before we see sendmail being rewritten in a safer, modular design, or being replaced by other mail agents such as qmail or postfix.

Likewise, applications like sliplogin will probably continue to be around for a while. sliplogin itself is probably close to obsolete thanks to SLIP being abandoned in favor of PPP by almost everyone. But that doesn't mean users won't need similar tools that will be implemented in a similar way.

Therefore, the following sections discuss common mistakes that can hurt you in setuid applications, and describe how to avoid them.

However, if you believe you do need a setuid application, and absolutely have to run external commands from within it, I urge you to read the next chapter as well, where I will discuss some alternative solutions that work without any s bits.


Olaf Kirch 2002-01-16