Thanks again for clarifying. Technical aspects of the network have never been my strong suit. Just another daft question: If nodes do not police the chain, then why is it advised for nodes to have a full copy of the blockchain? I always imagined it was for situations like the one discussed, to prevent malicious miners from propagating invalid chains.
Not daft at all - a good question.
As ranochigo explains, nodes are important to verify and validate all the transactions and blocks which make up the blockchain, but they do not judge where these transactions and blocks came from.
For example, if I submitted a transaction which sent all of Satoshi's coins to an address I control, then obviously that transaction would have an invalid signature. Nodes would therefore reject that transaction and not propagate it through the network.
If a 51% attacker submitted a block which contained such a transaction with an invalid signature, then again, nodes would reject that entire block and not propagate it through the network.
However, a 51% attacker
is able to submit valid blocks which contain valid transactions, which nodes will accept. They can also submit a whole chain of blocks which is longer than the current main chain, and nodes will automatically swap to this new longer chain if it is all valid. So as I explained above, if there is already a confirmed transaction sending their coins to someone else, they can replace that by releasing a longer chain which includes a transaction sending those same coins back to themselves. This double spend is still entirely valid as far as nodes are concerned - it spends a valid UTXO with a valid signature - so nodes will validate it and accept it.
This is the crux of a 51% attack. It allows the attacker to freely double spend their own coins. But nodes checking the validity of all transactions are what prevents the 51% attacker from accessing anyone else's coins.