Chipzz wrote: >> True, but if you type "su" instead of "/bin/su", then you're >> vulnerable to shell aliases or changed PATH variables. > > Yes, and su works because it's setuid root. A bit you can only set as; > big surprise, root.
The alias or phony command in question could quite easily wrap the real "su", grabbing the password before allowing the genuine suid binary to do its work. These are not theoretical attacks I just made up; they are real-life security threats. This shows how easy it is to get a false sense of security from the user/group model if you don't understand exactly how it can be attacked.
