mountall.c in mountall before 2.15.2 uses 0666 permissions for the root.rules file, which allows local users to gain privileges by modifying this file.