According to the release announcement for version 2.9.9, there is a
security issue that need to be fixed in LinuxCNC:
To address the last part first, it has been noted by two separate
people that a weakness in the RTAPI allows for privilege escalation as
it runs as setuid root (to give direct access to hardware). Given the
use-case for most LinuxCNC machines this is unlilely to be a problem
in most cases; most hobby users will have root access anyway. The
issue has been patched in both 2.9 and in the development branch.
I am not sure which version the problem appeared, but list is as
existing in oldstable to get a fairly solid baseline.