Write a backdoor :)
A kernel module that drops the user into a root shell if they call some obscure kernel functionality with a secret value in some registers.
This should be somewhat easy to start and self-contained. If you want things to become more fancy, you can easily extend it, e.g., hiding the secret constant, implementing a challenge-response protocol, limiting access to other global state (hardware dongle? IP address?), and so on.