"This article attempts to walk the fine line between full disclosure and published exploits.
The object of this article is to illustrate how SUID programs work in order to help others
writing their own programs avoid some common mistakes. The examples I provide are
detailed enough to help you understand each danger, but I don't promise that all will
work exactly as demonstrated if you try to use them maliciously." Full article at SysAdminMagazine Online.
May 31, 2001