I believe it is an attack on a poorly-coded SUID root function.
Certain executables in Unix run SID root, which means that the program runs as root even if the user is an ordinary user. For example, the ‘ls’ command runs as root, so any user can see any other user’s processes. Provided the executables are properly coded and tested, this is not an issue. But a big part of the Unix hacker’s toolkit is to try to get an SUID binary to execute arbitrary code, so these functions have to be careful tested.
Is that a Mac silliness? ls (or ps, which you probably meant) certainly aren't suid on RHEL.