[more related to CVE-2005-4890]
only affects the su executable, so if you use sudo you're not affected
