The exploit already succeeded at that point, creating the setuid /tmp/rootsh is just a way of making it permanent.