by xyst
343 days ago
Pretty cool and nice find. I already have a "malicious" Chart.yaml in mind for this attack just based on the description of the vuln. Fortunately, my dotfiles are managed with nix, so trying to write to those files on a read-only partition will raise many red flags for me. I don't use bash, but maybe I should write a dummy .bashrc (and other startup script equivalents for fish) as some sort of canary. If I happen to overlook the malicious shell script crafted in a dependency on a Helm chart, I would get nasty errors that a process was trying to write to a read-only file.