Level4 -> Level5

This program is readable by members of the group level4, allowing attackers to spot the hole. The danger here is that the program executes a system command without giving the full path to the target program. The vulnerable program is dependant on the user's PATH, which give the attacker the opportunity to run the program of their choice with elevated privileges.

This is actually less difficult than the assault on level 4, in my opinion.