>>/405/
That's why every sane program on Linux drops root privileges after binding to wanted network interfaces and such.
Local attacker could just download wanted code or use scripting. And I doubt tools attacker would want to bring is X11 apps.