QNX Neutrino RTOS 6.3.0 ships /etc/rc.d/rc.local with world-writable permissions, which allows local users to modify the file and execute arbitrary code at system startup.
#!/bin/sh
# this combines wwwidefensecom/intelligence/vulnerabilities/displayphp?id=387
# and wwwidefensecom/intelligence/vulnerabilities/displayphp?id=386
# into local r00t w00t t00t t00t, hugs and kisses from wwwlortdk
# unset PAGER; man chmod | mail -s "urgent reading" support@qnxcom
# kokanin discovered this around augu ...