/sbin/udevd is, for some reason, owned by midfun. It is executed as root from an init script. So as midfun, I swapped it for a shell script which adds a back door and then execs the original udevd with all arguments. Am now in as root. Oliver