Local root exploit for OpenBSD up to 3.1 which takes advantage of the fd race and skeyaudit binary.
942689559f299505c2d3b0892168e2f9e4a4e49b301c8a85a802e0d8e1361e0d
On current OpenBSD systems, any local user can fill the kernel file descriptors table, leading to a denial of service. Because of a flaw in the way the kernel checks closed file descriptors 0-2 when running a setuid program, it is possible to combine these bugs and earn root access by winning a race condition.
e1b6639e9a5ff47fdbc4fbd454486735d12558a62364c4a7a3c8f06239895718