This is an exploit for HoleyBeep.
To use it, place any command you want root to execute in
$ cat /tmp/x echo PWNED $(whoami)
The exploit takes a path to write to (the file must already exist) and rewrites its first bytes to
This means that if it's a shell script, it will execute
/tmp/x as its first and only command.
To gain root access, the idea is to use the exploit to overwrite any file in
/etc/profile.d/ so it will execute
/*/x on the next login, possibly as the root user.
Variants are possible using cron instead of the shell, so you don't have to wait until root logs in.