Subject: Re: ksh won't read /etc/suid_profile
To: Andrew Basterfield <list@lostgeneration.fsnet.co.uk>
From: Andrew Brown <atatat@atatdot.net>
List: netbsd-users
Date: 05/20/2002 11:03:21
>a non-login shell.  I have tried creating a symlink called
>/etc/suid_profile pointing to /etc/profile and I have tried creating a
>proper file, both are ignored. 'strings /bin/ksh | grep suid_profile'
>confirms it's in the (stock NetBSD 1.5.2) binary.

when you su, the shell is not privileged, wrt the definition in the
ksh man page:

       A  shell  is privileged if the -p option is used or if the
       real user-id or group-id  does  not  match  the  effective
       user-id  or group-id (see getuid(2), getgid(2)).  A privi-
       leged shell does not process $HOME/.profile  nor  the  ENV
       parameter  (see below), instead the file /etc/suid_profile
       is processed.  Clearing the privileged option  causes  the
       shell  to set its effective user-id (group-id) to its real
       user-id (group-id).

when you su, your real uid and effective uid will match, so it won't
read /etc/suid_profile, but i suspect it also doesn't read
/etc/profile because it's not a login shell.  otoh, if you do this instead

	su root -l

it *will* be a login shell, so it will read /etc/profile.  you can
also use -p (or combine them) there if you wish.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."
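The rule in the quoted man page excerpt, as an added example that is not part of the original message: a small C model of which startup files the shell would process. The function names and flag constants are hypothetical, and the handling of $HOME/.profile and ENV for a non-privileged shell is a simplified assumption.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical flag names, one bit per startup file. */
enum {
    F_ETC_PROFILE  = 1 << 0,  /* /etc/profile */
    F_HOME_PROFILE = 1 << 1,  /* $HOME/.profile */
    F_ENV          = 1 << 2,  /* file named by ENV, if set */
    F_SUID_PROFILE = 1 << 3   /* /etc/suid_profile */
};

/* Privileged per the man page: -p was given, or a real id differs
 * from the matching effective id. */
int ksh_is_privileged(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid, int p_flag)
{
    return p_flag || ruid != euid || rgid != egid;
}

/* Simplified model (assumption): a login shell reads /etc/profile; a
 * privileged shell skips $HOME/.profile and ENV and reads
 * /etc/suid_profile instead. */
int ksh_startup_files(int privileged, int login)
{
    int files = login ? F_ETC_PROFILE : 0;

    if (privileged)
        return files | F_SUID_PROFILE;
    if (login)
        files |= F_HOME_PROFILE;
    return files | F_ENV;
}

int main(void)
{
    /* Report for the ids of the current process, treated as a
     * non-login shell started without -p. */
    int priv = ksh_is_privileged(getuid(), geteuid(), getgid(), getegid(), 0);
    int files = ksh_startup_files(priv, 0);

    printf("real uid %ld, effective uid %ld: %sprivileged\n",
           (long)getuid(), (long)geteuid(), priv ? "" : "not ");
    printf("/etc/suid_profile would %sbe read\n",
           (files & F_SUID_PROFILE) ? "" : "not ");
    return 0;
}
```

After a plain su both ids are 0, so the model reports a non-privileged shell, which is why the file was ignored.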