On consideration, we have decided to maintaing an audit trail by including the username in the supplied comments instead.

It's not as robust auditing, but it's a load less pain. And despite my posturing I also intensly dislike invoking anything setuid from a webserver.

Of course if the clients are windows, I could just embed the executable code in a jpeg ;)

PS: I'm honoured to have the great Randal reply to my question - and in Australian Standard time too!