In this PoC example, we will put shellcode in the HACK environment variable, and overwrite GOT entry of getspnam() function with HACK address. There are NOP opcodes in HACK variable, but in fact, they are not needed. In the end, root shell is spawned. Enjoy!