On 26 Feb 2017, at 17:05, Michael Kjörling <michael at kjorling.se> wrote:
> 
> In the translated text that I have, the hacker relied primarily on
> Emacs' mail feature to move the compromised atrun into place for
> execution, in order to gain temporary root privileges.

This was the movemail SUID bug, and it's indeed in the original although I'm not sure how much detail he goes into.