In those 6 years, how many programs packaged and distributed by Debian were exploiting that?
If you can run the "beep" command, you can also edit the user's environment and from their easily escalate to root anyway. In modern desktop linux, the user is almost always the admin as well, a single person using their personal computer, so getting root is merely a matter of waiting until the next time that user uses sudo/etc. Windows tries to mitigate this sort of attack using secure UAC prompts that are apparently difficult for attackers to emulate, or so I've been lead to believe. But common desktop Linux distros don't require anything like that. Instead, the user has to be cognizant of such possibilities and not run programs from people and organizations they don't trust.
If you can run the "beep" command, you can also edit the user's environment and from their easily escalate to root anyway. In modern desktop linux, the user is almost always the admin as well, a single person using their personal computer, so getting root is merely a matter of waiting until the next time that user uses sudo/etc. Windows tries to mitigate this sort of attack using secure UAC prompts that are apparently difficult for attackers to emulate, or so I've been lead to believe. But common desktop Linux distros don't require anything like that. Instead, the user has to be cognizant of such possibilities and not run programs from people and organizations they don't trust.