Use `su -c` in LPE
su -c is convenient to use, but, when you use it in your LPE exploit, hoping it to execute your command, you will probably get
su: must be run from a terminal
the obvious solution is give it a "terminal" to run from
there's a forkpty function provided by pty …