#!/bin/sh
You would use this instead:
#!/usr/bin/indir -u
#?/bin/sh /path/to/script
indir runs a set of checks intended to rule out the known setuid-script attacks, then starts an SUID shell and transfers control to it. I use this all the time, and it works perfectly, but there are some catches. You can't use bash as the secondary interpreter; you have to invoke it as sh (actually the same program) instead. The PATH environment variable is ignored. For more information, see the documentation distributed with indir and search the archives of comp.unix.* on Google Groups.
The code is very old and somewhat hard to find. Just now I was able to find it here. Be sure to install the following patches: 1, 2.
[robg adds: I haven't tested this one.]
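As an added example (not indir's source and not code from this hint), here is a minimal compiled setuid wrapper that does the things the hint attributes to indir: it checks the target script before running it, throws away the caller's environment so the caller's PATH is ignored, and then hands control to a privileged /bin/sh. The script path, the required owner (root) and the replacement PATH value are assumptions chosen for the example; the check on a stat buffer is split out so it can be exercised without touching the filesystem.

```c
/* Added example: a minimal compiled setuid wrapper in the spirit of what the
 * hint describes (check the script, ignore the caller's PATH, then hand
 * control to a privileged sh). It is not indir's code. SCRIPT_PATH, the
 * required owner (root) and SAFE_PATH are assumptions for this example. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical script. It is compiled in, never taken from argv, so the
 * caller cannot point the privileged shell at a file of their choosing. */
#define SCRIPT_PATH "/usr/local/libexec/example-task.sh"
/* The only environment the shell will see; the caller's PATH is discarded. */
#define SAFE_PATH "PATH=/bin:/usr/bin"

enum script_err {
    SCRIPT_OK = 0,
    SCRIPT_NOT_ABSOLUTE,   /* a relative path depends on the caller's cwd */
    SCRIPT_NOT_REGULAR,    /* directories, devices, etc. */
    SCRIPT_BAD_OWNER,      /* someone other than the required owner controls it */
    SCRIPT_WRITABLE        /* group- or world-writable: anyone could edit it */
};

/* Pure policy check on an already-fetched stat buffer. */
enum script_err check_script(const char *path, const struct stat *st,
                             uid_t required_owner)
{
    if (path == NULL || path[0] != '/')
        return SCRIPT_NOT_ABSOLUTE;
    if (!S_ISREG(st->st_mode))
        return SCRIPT_NOT_REGULAR;
    if (st->st_uid != required_owner)
        return SCRIPT_BAD_OWNER;
    if (st->st_mode & (S_IWGRP | S_IWOTH))
        return SCRIPT_WRITABLE;
    return SCRIPT_OK;
}

/* Build a fresh environment containing only SAFE_PATH. Nothing the caller
 * exported (PATH, IFS, ENV, LD_ or DYLD_ variables, ...) reaches the shell. */
char **build_safe_env(void)
{
    char **env = calloc(2, sizeof *env);
    if (env == NULL)
        return NULL;
    env[0] = strdup(SAFE_PATH);
    if (env[0] == NULL) {
        free(env);
        return NULL;
    }
    env[1] = NULL;
    return env;
}

size_t env_len(char *const env[])
{
    size_t n = 0;
    while (env[n] != NULL)
        n++;
    return n;
}

void free_env(char **env)
{
    if (env == NULL)
        return;
    for (size_t i = 0; env[i] != NULL; i++)
        free(env[i]);
    free(env);
}

int main(void)
{
    struct stat st;
    char fdpath[64];

    /* Open first, then fstat and exec through /dev/fd/N: the file that was
     * checked is the file the shell reads, so swapping a symlink between the
     * check and the exec (the classic setuid-script race) gains nothing. */
    int fd = open(SCRIPT_PATH, O_RDONLY);
    if (fd < 0 || fstat(fd, &st) != 0) {
        perror(SCRIPT_PATH);
        return 1;
    }
    enum script_err err = check_script(SCRIPT_PATH, &st, 0);
    if (err != SCRIPT_OK) {
        fprintf(stderr, "refusing to run %s (reason %d)\n", SCRIPT_PATH, (int)err);
        return 1;
    }
    /* Make real uid == effective uid: bash (and /bin/sh when it is bash)
     * drops privileges when they differ unless started with -p. */
    if (setuid(geteuid()) != 0) {
        perror("setuid");
        return 1;
    }
    snprintf(fdpath, sizeof fdpath, "/dev/fd/%d", fd);
    char **env = build_safe_env();
    if (env == NULL)
        return 1;
    char *const argv[] = { "sh", fdpath, NULL };
    execve("/bin/sh", argv, env);
    perror("execve");
    return 1;
}
```

Install the compiled binary as root-owned mode 4755 and keep the script it points at root-owned and not group- or world-writable, or check_script refuses it. The setuid(geteuid()) step is this example's design choice, not a description of indir's internals: it is what lets the same binary run as sh without bash's privilege drop getting in the way, which is the behaviour the hint warns about.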

