setuid-test
v1.0.2
Published
This package is for testing only. Demonstrates that `npm i setuid-test -g` will result in an executable with setuid bit set being installed on the target system. Basically NPM just unpacks a tar file preserving all permission bits. This is a potential vec
Downloads
9
Readme
This package is for testing only. Demonstrates that npm i setuid-test -g
will result in an executable with setuid bit set being installed on the target system. Basically NPM just unpacks a tar file preserving all permission bits. This is a potential vector for priviledge escalation ... but then again NPM will also run a bunch-a script from the package on installation anyway so ...