Hacker News
by rithdmc 44 days ago
I think you have the wrong end of the stick. The OP link is a resource for when you do get access to the process's environment which has already been reduced via containers, jails, or what have you.

If the environment is already restricted, but the process has, for example, access to the base64 tool, here's how you can use that to do something you otherwise aren't able to.

1 comments

I can't read the original article because GitHub is having a very bad day, but I don't really understand the attack model here.

If a process has access to any tool that isn't statically linked, the process already has access to ld-linux.so and can therefore execute any binary it has read access to. "Restricting access" by enumerating the binary paths a program can execute is not a very useful restriction by any means.

The original article is a list of ways to achieve certain features (i.e., reading a file) when you don't have it natively (i.e., no cat, but for some reason, base64).

> execute any binary it has read access to

Maybe I'm missing something, but in these restricted environments, why would the system have read access to binaries it doesn't need or use?