MORE SSH Hacking: heads-up

[netmask]

> An already logged in user ALSO can't do it, because you can't trace SUID 
> binaries..
>
> try it 'strace su'.

Sorry, let me be more specific on this:

you can't remotely attach to it..

'strace su' in one term, strace -p $PID  in another..  You'll get an 
'operation not permitted'

further, if you 'strace' su, sudo, or anything else.. it wont run with root 
permissions, it'll run with the permissions of the user who ran strace.