Ok. I'll officiate. What's the dollar amount? I recommend $100, and that the winner donate the proceeds to their preferred charity.
The bet is over when I demonstrate to you that (a) I didn't invent the term "localhost vulnerability", much as I wish I had, and (b) this vulnerability isn't strictly a "root" vulnerability. I'll withhold any further description in the interests of routing money from your bank account to a deserving charity, and I will match any dollar amount that davidw agrees to.
You mean "root exploit" not "root vulnerability." The second term is again mistaken, although it gets used a lot.
Did you even read the exploit code? He's figured out a way to overwrite LD_PRELOAD environment variable for anything SUID. That means that you get to tell the binary to load libraries other than what it planned on loading. And hence run arbitrary code.
This has nothing to do with "localhost." If you'd like to give examples of people using "localhost vulnerability" in the past, go right ahead and link to them.
The bet is over when I demonstrate to you that (a) I didn't invent the term "localhost vulnerability", much as I wish I had, and (b) this vulnerability isn't strictly a "root" vulnerability. I'll withhold any further description in the interests of routing money from your bank account to a deserving charity, and I will match any dollar amount that davidw agrees to.