Under some conditions unprivileged user can be validated as 'root'.
vulners.com/securityvulns/securityvulns:doc:11901