By creating config files you can escalate through the mysqld_safe script using malloc_lib

Source: Bad news: MySQL can dish out root access to cunning miscreants