Hacker News new | ask | show | jobs
by tgv 52 days ago
I'm not sure I get it. base64 is on the list. That can't do anything but read a file to which the user already has access, I think. Am I mistaken or does "a curated list of Unix-like executables that can be used to bypass local security restrictions in misconfigured systems" not mean what I think it does?
3 comments
david_shaw 52 days ago
I think the idea is that if you're given an improperly configured restricted shell/command access, you can use any of the listed tools to gain access to some subset of what that user would normally have access to in an unrestricted environment.

A very simple version of this would be if you set a user's default shell to "rbash" but the user can just run "bash" to get a real shell.

link
arcfour 52 days ago
Maybe sudoers is configured to allow you to run base64 as root. Why would someone do this? No idea. But if you are in such a situation, now you know how to bypass the intended permissions and read any file on the system.

Or maybe you give Claude Code permission to run `base64` without review without realizing this lets it read any file, including maybe your secrets in .env or something.

link
castillar76 52 days ago
The former happens a lot when people try to block specific commands for sudo, instead of taking a "permit these only" approach. If your sudoers file says you can access "all these commands but not cat", the site points out that you can still use base64 to accomplish the same ends. The effective solution is to start from "you can run exactly these commands and no others", which at least allows you to reason about what the user can and can't do.
link
tgv 50 days ago
Ok, but it still doesn't make much sense to me. Why would you let someone log in, get a shell and then forbid cat? I've been using Unix and Linux for more than 30 years now (and even some BSD) for various purposes, but there's no natural scenario that leaps to mind, much less anything involving sudo.
link
some_random 52 days ago
A common situation is that you have access to a handful of tools that have root permissions, either because they're specifically allowed to be invoked (sudo -l) or because they're invoked by something else with root.
link