if you have privs to start X you don't even want root, because this is a desktop machine, and you already owned the user who runs all the desktop shit (X,file browser, terminal emulator, web browser, etc) and already got all his passwords and documents. i guess the vuln might be useful for anyone who's dumb enough to install X11 on their server though
shut the fuck up LARPer
>exploit-db.com
fuck all these nuinfosec homos on twatter
IT DOESN'T FUCKING MATTER WHAT YOUR DISPLAY MANAGER DOES
Even if your display manager managed to start Xorg as non-root or if your init system started Xorg or whatever the fuck you're pulling out of your LARPing ass. It-Does-Not-Fucking-Matter.
This has nothing to with your running X session, you don't need a running X session for this exploit, all you need is a vulnerable Xorg binary (/usr/bin/Xorg) with the SUID bit set (every distro does this).
It's also fucking hilarious how everyone keeps copy-pasting "root::16431:0:99999:7:::" and thinking it's some sort of secret code, it even got censored in the computerphile video, you can just use "root::::::::" and it works the same, because all of the fields but the first (the username) are optional, the guy who tweeted the one-liner probably just copy-pasted his line from his /etc/shadow and deleted the password field (which is the second).
>Calling (((freedesktop.org))) backdoor a bug
Now this is necro bumping
He's referring to the possibility that the user which ran sudo/su could have a .bashrc which aliases sudo/su to a malicious command (which can additionally remove all traces of itself and its alias after it harvests the user's password). Given a working ACE exploit, it's trivial to do this.
Ever notice how the people who parrot this shit in every post they make always end up being the actual "larpers"?
You didn't listen. Now your PC has niggers. You could have prevented this by taking the ELITE FRAMEBUFFER PILL.