The security hole is that secrets in a setuid application with
other-exec but no other-read permission can be read when the
filesystem is mounted nosuid.

Erm no

We enforce the following anyway to prevent execution being permitted to
make file copies. Most Unixen do although its historical value is
primarily to prevent people "stealing valuable proprietary intellectual
software assets".


      } else if (file_permission(bprm->file, MAY_READ) ||
                    bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)
      { 
             set_dumpable(current->mm, suid_dumpable);
      }

There does appear to be a small race in modern versions of that code
which wants swatting.