This package is for testing only. Demonstrates that npm i setuid-test -g
will result in an executable with setuid bit set being installed on the target system. Basically NPM just unpacks a tar file preserving all permission bits. This is a potential vector for priviledge escalation ... but then again NPM will also run a bunch-a script from the package on installation anyway so ...
setuid-test
1.0.2 • Public • PublishedReadme
Keywords
nonePackage Sidebar
Install
npm i setuid-test
Weekly Downloads
2
Version
1.0.2
License
ISC
Unpacked Size
20.8 kB
Total Files
6