I see some security warnings about local users can gain root via a setuid exploit... There is a bug in [package] which may allow local users to gain root via a setuid file... How does this work?