It's possible to access any file for reading and create world-writable root-owned files.
vulners.com/securityvulns/securityvulns:doc:5826