Princípio do menor privilégio: O Authbind helper realmente precisa do setuid root, ou ele pode ser executado com o cap_net_bind_services?

Encontrei este trecho neste tópico intitulado: Vincule a portas com menos de 1024 sem acesso root .

trecho

I dimly remember a library called "authbind" that does what you need, by wrapping the bind() system call (via a LD_PRELOAD library), and, if a privileged port is requested, spawning a setuid root program that receives a copy of the file descriptor, then verifies the application is indeed permitted to bind to the port, performs the bind() and exits.