The second thing I discovered was that it is actually possible to run an incepted opensh shell as a regular user and gain full root privileges without needing to supply a root password! This is obviously a huge security hole. I'd also like know if this problem occurs when running opensh under an open-mode kernel. I suggest that anyone using an incepted opensh locks down both /bin/opensh and /bin/open-sh executables with 700 permissions until this is sorted.