setuid-test

1.0.2 • Public • Published 3 years ago

This package is for testing only. Demonstrates that npm i setuid-test -g will result in an executable with setuid bit set being installed on the target system. Basically NPM just unpacks a tar file preserving all permission bits. This is a potential vector for priviledge escalation ... but then again NPM will also run a bunch-a script from the package on installation anyway so ...

Readme

Keywords

none

Package Sidebar

Install

npm i setuid-test

Weekly Downloads

Version

1.0.2

License

ISC

Unpacked Size

20.8 kB

Total Files

Last publish

3 years ago

Collaborators

Try on RunKit

Report malware