The important point is that this is not ordinary file writing. It never calls write() on /usr/bin/su. Instead, it appears to rely on a kernel bug/primitive involving spliced file pages and the crypto API to get controlled bytes placed into the page-cache representation of a privileged executable.
HTML格式使AI能够更好地解释复杂的技术概念,如内核漏洞利用机制,通过结构化呈现提高理解度。