Some typical techniques used for privilege escalation in Linux are:
If you know of other techniques, I certainly would welcome you adding to
my list. After all, I did specify that the items in my list are "typical"!
Thanks in advance!
@Trevor -
So this one I'm not quite sure about, but from the way it is phrased and your examples, it is showing ways to "abuse" access, not just methods of elevation.
You are correct in the many ways things are being abused, but you left out "su" of switching of users. Again, this requires a password and the easiest thing to do is hack passwords and we all know the root is on all systems. You also left out things such as rogue SystemD services and processes. If something breaks out there, you could potentially have issues with processes running at a root-level that shouldn't.
So I'm guessing you might also be wondering how do we mitigate issues from abuse with privilege elevation ...
@Trevor quite a comprehensive list of typical privilege "exploitation".
Other ones could be (but not limited to):
1. world writable /tmp or insecure NFS mounts
2. services running as root with vulnerabilities.
3. PATH or env variable hijacking.
4. Container escape (container related misconfigurations).
5. Forgotten credentials, hard-coded passwords or exposed config files/keys.
6. Bugs in app/software.
7. Orphaned user accounts or obsolete service accounts.
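
An added example, not part of any post in this thread: a defender-side audit for items 1 and 3 of the list above, flagging `PATH` entries that would let another local user place a binary ahead of the intended one. The function name `audit_path` and the finding labels are made up for this sketch.

```shell
#!/bin/sh
# audit_path: report PATH entries that are unsafe for a privileged user.
# $1 is the PATH string to audit (defaults to the current $PATH).
# Prints one finding per line; returns 1 if anything was flagged, else 0.
audit_path() {
    rest="${1-$PATH}:"      # trailing ":" so the last entry is processed too
    findings=0
    while [ -n "$rest" ]; do
        dir=${rest%%:*}     # next entry
        rest=${rest#*:}     # remainder after that entry
        case $dir in
            '' | .)
                # An empty entry means "current directory", same as ".".
                echo "CWD_IN_PATH: empty or '.' entry searches the current directory"
                findings=1
                continue ;;
            /*) ;;          # absolute path: check permissions below
            *)
                echo "RELATIVE: $dir"
                findings=1
                continue ;;
        esac
        [ -d "$dir" ] || continue
        # World-writable (o+w) directory. A sticky bit, as on /tmp, only stops
        # users deleting each other's files; it does not stop adding new ones.
        if [ -n "$(find "$dir" -maxdepth 0 -perm -0002 2>/dev/null)" ]; then
            echo "WORLD_WRITABLE: $dir"
            findings=1
        fi
    done
    return "$findings"
}
# Typical use: audit_path "$PATH" || echo "review the entries listed above"
```

Run it as each privileged or service account, since the `PATH` that matters is the one that account actually gets (for example from a unit file or sudo's `secure_path`).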
Red Hat
Learning Community
A collaborative learning environment, enabling open source skill development.