looks like only solution is rm -rf /
ps
don’t try this at home
and especially not at work
only exception being your stepmother’s macbook
looks like only solution is rm -rf /
ps
don’t try this at home
and especially not at work
only exception being your stepmother’s macbook
That needs to be done as root, and in this case I was told root was not hacked yet. Besides, one needs balls to run that dreadful command, something rare nowadays - the irony.
They’re path traversal bugs, but the bug allowed writing arbitrary files, which could lead to arbitrary code execution if you write a script to a place where it can be executed.
It really is a shame that so many things are expected to be able to exec in temporary areas.
Didn’t notice that, but it would still require a certain level of access to achieve, no?
Yeah… The most recent issue I saw was that netdata failed to install when /tmp
is mounted as noexec (they’ve since fixed that): Netdata update in a /tmp hardened system · Issue #5289 · netdata/netdata · GitHub
Yeah… Although if the system has some mechanism of executing script files via web requests (such as PHP or an old-school cgi-bin
), you could likely use a traversal bug to write a script file into some location that’s publicly accessible (eg. write to /var/www/foo.php
or /var/www/html/foo.php
then try hit http://[server-ip]/foo.php
).
A common vulnerability I used to see many many years ago was that many forum systems had an attachments
directory where attachment files were uploaded and could be hit directly. Many Nginx PHP configs had a bug where files whose names contained .php
anywhere in the file name would be executed by PHP (rather than requiring it at the end). The security hole was that you could upload a file called foo.php.txt
, which the forum system would allow as it’s a text file, then hit something like /forum/attachments/foo.php.txt
and it’d execute the script. There was also a similar Nginx configuration issue where you could hit /foo.txt/whatever.php
and it’d execute foo.txt
as a PHP script.
if grep -Eq '^[^ ]+ /tmp [^ ]+ ([^ ]*,)?noexec[, ]' /proc/mounts; then
pattern="/opt/netdata-updater-XXXXXX"
else
pattern="/tmp/netdata-updater-XXXXXX"
fi
That is not a fix. My god that is still bad.