Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://shitposter.world/objects/a7f21a15-1b0a-4dc6-8b9e-5e49ddb6f3d1">Jeff "never puts away anything, especially oven mitts" Cliff,  Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧 (jeffcliff@shitposter.world)'s status on Friday, 22-Nov-2024 15:54:01 JST</a><a href="https://shitposter.world/users/jeffcliff" title="jeffcliff@shitposter.world"><img src="https://gnusocial.jp/theme/gnusocialjp/default-avatar-stream.png" width="48" height="48" alt='Jeff "never puts away anything, especially oven mitts" Cliff,  Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧' style="position: absolute; left: 0; top: 0;">Jeff "never puts away anything, especially oven mitts" Cliff,  Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧</a><div><a href="https://shitposter.world/objects/8533b494-1318-41c4-88e8-442db62d5cd3" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article>&gt; shell scripts looks innocent and can be run<br><br>yeah you'd think that Mr. Aboukhadijeh but i'm old enough to remember debian installing 'beep' setuid root with a "it's pretty innocent, the whole program is what 6 lines of code?  go read the code and then say yes" warning on install for like a decade that turned out to be a bad idea because those 6 lines of code contained a privilege escalation attack allowing any user on the system to get root access using "beep"</article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4049088#notice-7911760">In conversation</a><time datetime="2024-11-22T15:54:01+09:00" title="Friday, 22-Nov-2024 15:54:01 JST">about a day ago</time> <span>from <span><a href="https://shitposter.world/objects/a7f21a15-1b0a-4dc6-8b9e-5e49ddb6f3d1" rel="external" title="Sent from shitposter.world via ActivityPub">shitposter.world</a></span></span><a href="https://shitposter.world/objects/a7f21a15-1b0a-4dc6-8b9e-5e49ddb6f3d1">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧 (jeffcliff@shitposter.world)'s status on Friday, 22-Nov-2024 15:54:01 JSTJeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧
in reply to
- Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴‍☠️🦝🐙 🇱🇧🧯 🇨🇦🐧
> shell scripts looks innocent and can be run

yeah you'd think that Mr. Aboukhadijeh but i'm old enough to remember debian installing 'beep' setuid root with a "it's pretty innocent, the whole program is what 6 lines of code? go read the code and then say yes" warning on install for like a decade that turned out to be a bad idea because those 6 lines of code contained a privilege escalation attack allowing any user on the system to get root access using "beep"
In conversationabout a day ago from shitposter.worldpermalink

Public

Embed Notice

HTML Code

Corresponding Notice