Hacker News
by oyf 1766 days ago
If you have the ability to set environment variables then it's basically already game over, with or without the existence of the antigravity module.

You could set PATH to change which files are executed in certain scenarios. You could set SSLKEYLOGFILE which logs session keys to an arbitrary file, essentially nullifying TLS/SSL protections. On Linux you can just set PROMPT_COMMAND to whatever you want and it'll be executed any time a bash prompt is printed.

It's an interesting attack vector, but a vulnerability requires impact, and I'm not sure this has very much.
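
An added example, not part of the comment or the thread: a Python audit of an environment mapping for the three variables named above (PATH, SSLKEYLOGFILE, PROMPT_COMMAND), as a defender might run against a service or CI job environment. The function names and the sample environment are constructed for illustration.

```python
import os
import stat

# Variables named in the comment, with why each matters to a defender.
FLAGGED = {
    "SSLKEYLOGFILE": "TLS session keys are written here by libraries that honor it",
    "PROMPT_COMMAND": "bash runs this string before printing each prompt",
}


def writable_by_others(directory):
    """True if the directory exists and is group- or world-writable."""
    try:
        mode = os.stat(directory).st_mode
    except OSError:
        return False
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))


def audit_path(path_value, is_writable_by_others=writable_by_others):
    """Return (index, entry, reason) for PATH entries that allow command shadowing."""
    findings = []
    for index, entry in enumerate(path_value.split(os.pathsep)):
        if entry in ("", "."):
            findings.append((index, entry, "current directory is searched"))
        elif not os.path.isabs(entry):
            findings.append((index, entry, "relative directory"))
        elif is_writable_by_others(entry):
            findings.append((index, entry, "group- or world-writable directory"))
    return findings


def audit_environment(env, is_writable_by_others=writable_by_others):
    """Audit a mapping shaped like os.environ; returns (variable, detail) findings."""
    findings = [(n, f"{why}: {env[n]!r}") for n, why in FLAGGED.items() if n in env]
    if "PATH" in env:
        for index, entry, reason in audit_path(env["PATH"], is_writable_by_others):
            findings.append(("PATH", f"entry {index} {entry!r}: {reason}"))
    return findings


# Constructed sample environment (not taken from the thread).
SAMPLE_ENV = {"PATH": "/tmp/bin:.:/usr/bin::bin", "SSLKEYLOGFILE": "/tmp/keys.log",
              "PROMPT_COMMAND": "history -a", "HOME": "/home/example"}

if __name__ == "__main__":
    for variable, detail in audit_environment(SAMPLE_ENV):
        print(f"{variable}: {detail}")
```

Passing `os.environ` instead of `SAMPLE_ENV` audits the current process; the writability check is injectable so the logic can be tested without touching the filesystem.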