Most *nix implementations make sure that things aren't left open when using SUID, so for example LD_PRELOAD on HP-UX allows you to control the loading of libraries, but not for SUID programs, where it's just ignored.

If you are going to need to make a hole in your security model, such as SUID, you have to make sure everything around it is guarded.

But with no SUID there can be no passwd command, no sudo or su, etc.

But this hole is just plain dumb.

