It is possible for any local user to run a command as root on a vulnerable box! (running Corel linux 1.0 with xconf utils).