What's to stop somebody from creating a setuid-root binary on a flash drive, then putting it into another person's computer and getting root access? I assume there's some kind of protection against that, but I don't have a spare drive to test with.
EDIT: Formerly said "script"; changed to binary. See my comment.
If a volume is mounted nosuid then the setuid bit is ignored on executables. At least newer versions of Fedora mount external media with this option.
Also, setuid does nothing for scripts unless the interpreter is prepared to run a separate copy of the interpreter as the user in question. Not many are.
