by arcfour 57 days ago
Maybe sudoers is configured to allow you to run base64 as root. Why would someone do this? No idea. But if you are in such a situation, now you know how to bypass the intended permissions and read any file on the system.

Or maybe you give Claude Code permission to run `base64` without review without realizing this lets it read any file, including maybe your secrets in .env or something.


The former happens a lot when people try to block specific commands for sudo, instead of taking a "permit these only" approach. If your sudoers file says you can access "all these commands but not cat", the site points out that you can still use base64 to accomplish the same ends. The effective solution is to start from "you can run exactly these commands and no others", which at least allows you to reason about what the user can and can't do.
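As an added illustration of the two points above (arcfour's "base64 reads any file" and the deny-versus-allow sudoers contrast), not code from the thread: the script below defines the file-read primitive and shows both sudoers styles side by side. The user name `alice`, the sample file contents and the command paths are assumptions; nothing in it invokes sudo.

```shell
#!/bin/sh
# Added example, not from the thread. Demonstrates base64(1) as a generic
# file-read primitive and contrasts a deny-style sudoers spec with an
# allow-style one. The sudoers lines are illustrative text only.

# If a policy lets you run base64 (via sudo, or an agent's pre-approved
# command list), this is cat(1) for any file that process can open:
# encode on the privileged side, decode back on yours.
read_via_base64() {
    base64 "$1" | base64 -d
}

# Constructed sample standing in for something like a .env file.
SAMPLE="$(mktemp)"
trap 'rm -f "$SAMPLE"' EXIT
printf 'DB_PASSWORD=hunter2\n' > "$SAMPLE"

# Deny-style spec: everything as root except cat. base64 (and many other
# commands) still read any file, so the "!" exception buys nothing.
SUDOERS_DENYLIST='alice ALL=(root) ALL, !/usr/bin/cat'

# Allow-style spec: exactly these commands and no others. What alice can
# do as root is now the list itself, which can be reviewed.
SUDOERS_ALLOWLIST='alice ALL=(root) /usr/bin/systemctl restart nginx'

# Flag a sudoers command spec that grants ALL and then carves out
# exceptions with "!", the pattern the sudoers manual itself warns is
# easy to bypass.
is_denylist_spec() {
    case "$1" in
        *"ALL"*"!"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Stand-alone run: show the bypass and classify both specs.
echo "--- contents recovered via base64 ---"
read_via_base64 "$SAMPLE"
for spec in "$SUDOERS_DENYLIST" "$SUDOERS_ALLOWLIST"; do
    if is_denylist_spec "$spec"; then
        echo "bypassable (deny-style): $spec"
    else
        echo "reviewable (allow-style): $spec"
    fi
done
```

The same logic applies to an agent's approved-command list: approving `base64` without review is approving "read any file I can read", so the list should be built from the commands actually needed rather than by subtracting the obviously dangerous ones.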
Ok, but it still doesn't make much sense to me. Why would you let someone log in, get a shell and then forbid cat? I've been using Unix and Linux for more than 30 years now (and even some BSD) for various purposes, but there's no natural scenario that leaps to mind, much less anything involving sudo.