Bugtraq mailing list archives

SUID shell scripts, questions?


From: elfchief () lupine org (That Whispering Wolf...)
Date: Fri, 10 Feb 1995 14:01:38 -0500


I was looking around the net this weekend, and found something that made
me start thinking.

SUID shell scripts are traditionally insecure in unix environments. From
my understanding, this is because when the kernel hits the #! magic
number when executing the file, it then execs a shell and passes the 
name of the shell script as an argument. Since starting the shell can take
a finite amount of time, there's a race condition where you can substitute
in a different file for the one that originally spawned the shell.

Also from my understanding, at least one Unix has solved this problem
by making a /dev/fd filesystem, and passing a file descriptor to the
already open file as an argument to the shell, which makes sure that
the file that gets opened is really the one that the kernel originally
opened.

Now, assuming I have all that right (someone correct me if I'm wrong), let
me say this. While looking around on the net, I found a /dev/fd device
driver for SunOS. I've played around with it, and it seems to work just as
it's designed.

Now, since some on the list have the kern_exec.c code from the SunOS
kernel (I'm sure SOMEONE kept a copy), shouldn't it be possible to 
patch this source so that, combined with the /dev/fd filesystem, SunOS
supports secure SUID scripts? It seems to me that it should be easy to
put a truly useful feature into SunOS that wasn't previously possible.
I, unfortunately, don't have the skill to do something like this, but
surely SOMEONE must be able to, and distribute diffs to the code.

Or am I missing something really obvious here?

                                                                        -WW

[Note to the listowner: I hope this classifies as on topic -- I think 
discussion of closing security holes is as on topic as talking about
the existence of them, yes?]
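
The race and the /dev/fd fix described in the message above, as an added example that is not part of the original post: this C program simulates the kernel's open, a replacement of the path, and the shell's reopen inside a private temporary directory, with no setuid involved. The `simulate` helper, the file names and the file contents are constructed for illustration, and it assumes a system that provides /dev/fd.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Write text to path, replacing any existing file. Returns 0 on success. */
static int put(const char *path, const char *text) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, text, strlen(text));
    close(fd);
    return n == (ssize_t)strlen(text) ? 0 : -1;
}

/* Read the first line of path into buf: what an interpreter would see. */
static int first_line(const char *path, char *buf, size_t len) {
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    if (!fgets(buf, (int)len, f)) buf[0] = '\0';
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return 0;
}

/* The "kernel" opens the script, the path is replaced before the "shell"
 * starts, then the shell opens the name it was handed (constructed files).
 * use_fd = 0: shell is given the path; use_fd = 1: shell is given /dev/fd/N. */
int simulate(int use_fd, char *seen, size_t len) {
    char dir[] = "/tmp/suidfdXXXXXX", script[64], other[64], arg[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(script, sizeof script, "%s/script", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    if (put(script, "original\n") || put(other, "substituted\n")) return -1;
    int fd = open(script, O_RDONLY);      /* the kernel's open at exec time */
    if (fd < 0 || rename(other, script)) return -1;  /* name now differs */
    if (use_fd) snprintf(arg, sizeof arg, "/dev/fd/%d", fd);
    else        snprintf(arg, sizeof arg, "%s", script);
    int rc = first_line(arg, seen, len);  /* the shell opens its argument */
    close(fd); unlink(script); rmdir(dir);
    return rc;
}

int main(void) {
    char a[32], b[32];
    if (simulate(0, a, sizeof a) || simulate(1, b, sizeof b)) return 1;
    printf("by path:    %s\nby /dev/fd: %s\n", a, b);
}
```

Reopening by name follows whatever the path points to at that moment, while /dev/fd/N stays bound to the file the first open resolved.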


