Even without shell escapes there are fun and cames with abusing setuid (but accessible) programs. Things like opening all the available file descriptors, closing stdin/out/err before invocation, doing things to overrun buffers, etc…