I presented at the Barcelona FIST conference a new way to local-hack a Linux box by infecting ELF executables.
It's possible to do an ELF infection on a writable binary and wait for r00t or a privileged user to execute it. It is a simple idea but a complex implementation.
Here is my presentation:
And here is my implementation:
Here is a demo: http://www.youterm.com/?view=Player&video=hack/infector
echo hack/infector/exit | nc youterm.com 9999
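
The precondition described above is a writable ELF binary that a privileged user later runs. The following audit for that condition is an added example, not the author's implementation; `is_elf`, `audit_dir` and the `trusted_uids` parameter are names chosen for this example.

```python
import os
import stat

ELF_MAGIC = b"\x7fELF"

def is_elf(path):
    """True if the file starts with the 4-byte ELF magic."""
    try:
        with open(path, "rb") as fh:
            return fh.read(4) == ELF_MAGIC
    except OSError:
        return False

def audit_dir(directory, trusted_uids=(0,)):
    """Return (path, reasons) for ELF executables that an untrusted
    account could modify before a privileged user runs them."""
    findings = []
    for root, _dirs, files in os.walk(directory):
        dir_mode = os.stat(root).st_mode
        for name in files:
            path = os.path.join(root, name)
            try:
                st = os.lstat(path)  # lstat: symlinks are skipped, not followed
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & 0o111:
                continue
            if not is_elf(path):
                continue
            reasons = []
            if st.st_mode & stat.S_IWOTH:
                reasons.append("world-writable")
            if st.st_mode & stat.S_IWGRP:
                reasons.append("group-writable")
            if st.st_uid not in trusted_uids:
                reasons.append("owner uid %d is not trusted" % st.st_uid)
            # A writable directory allows replacing a read-only file.
            if dir_mode & stat.S_IWOTH and not dir_mode & stat.S_ISVTX:
                reasons.append("parent directory world-writable")
            if reasons:
                findings.append((path, reasons))
    return findings

if __name__ == "__main__":
    # Audit every directory a privileged shell would search for commands.
    for d in os.environ.get("PATH", "").split(os.pathsep):
        if os.path.isdir(d):
            for path, reasons in audit_dir(d):
                print(path, "->", ", ".join(reasons))
```

Run it as root, or with root's `PATH`, so the directories checked are the ones a privileged user actually executes from.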