HabrAug 21, 2025

[Перевод] Перестаньте переживать об allowPrivilegeEscalation

Многие инженеры теряются в нюансах настройки allowPrivilegeEscalation в Kubernetes. Автор статьи простым языком объясняет, зачем нужен этот флаг, как он работает и почему его наличие или отсутствие не критично для большинства сценариев. Если хотите понять, как устроена безопасность контейнеров, — эта статья для вас.

https://habr.com/ru/companies/flant/articles/923432/

#allowPrivilegeEscalation #поды #kubernetes #security_contexts #контексты_безопасности #setuid #setreuid #привилегированный_контейнер #безопасность_контейнеров

Перестаньте переживать об allowPrivilegeEscalation

От переводчика: существуют разные контексты безопасности (security contexts) в Kubernetes. Они позволяют настраивать параметры безопасности на уровне пода или контейнера. Некоторые из них вполне...

Хабр
raptor Aug 17, 2025

wait3() System Call as a Side Channel in #Setuid Programs: nvidia-modprobe case study (CVE-2024-0149)

https://security.opensuse.org/2025/03/26/nvidia-modprobe.html

wait3() System Call as a Side Channel in Setuid Programs: nvidia-modprobe case study (CVE-2024-0149)

The nvidia-modprobe utility, a setuid-root helper for the proprietary Nvidia GPU display driver, contained an information disclosure vulnerability in versions prior to 550.144.03. Unprivileged users were able to determine the existence of arbitrary files on the system via the wait3() system call.

SUSE Security Team Blog
Hacker NewsApr 12, 2025

One Bug Wasn't Enough: Escalating Twice Through SAP's Setuid Landscape

https://www.anvilsecure.com/blog/one-bug-wasnt-enough-escalating-twice-through-saps-setuid-landscape.html

#HackerNews #OneBugWasntEnough #SAP #Security #Setuid #Vulnerability #Cybersecurity #Exploit #BugBounty

One Bug Wasn’t Enough: Escalating Twice Through SAP’s Setuid Landscape - Anvil Secure

Principal Security Engineer Tao Sauvage discovered two SAP flaws on a client project, resulting in a CVE and a custom tool.

Anvil Secure
Khurram Wadee ✅Feb 24, 2025

I could also mount the encrypted partitions on the #HardDrive and to recreate the symbolic link which I’d deleted. Luckily this allowed my original system to start #Booting again. However, something was still wrong with sudo but looking it up, there was ample help online about what was wrong: the #program has to be #setuid 0 and so once I was able to do that I recovered the system. Phew.

#GNU #Linux #ShaggyDogStory

Alec MuffettDec 9, 2024
Linux Kernel: TOCTOU in Exec System | …I am sure that there was a vulnerability of this exact kind in Unix circa 1988 +/- 4yrs
https://alecmuffett.com/article/110753
#Cve202443882 #security #setuid #unix
Linux Kernel: TOCTOU in Exec System | …I am sure that there was a vulnerability of this exact kind in Unix circa 1988 +/- 4yrs

I’m pretty sure there was a direct one on the inode permissions, and possibly a second one involving symlinks. Every bug has its day again and again and again. There is a Time-of-Check / Time…

Dropsafe
alecmDec 9, 2024

Linux Kernel: TOCTOU in Exec System | …I am sure that there was a vulnerability of this exact kind in Unix circa 1988 +/- 4yrs

I’m pretty sure there was a direct one on the inode permissions, and possibly a second one involving symlinks. Every bug has its day again and again and again.

There is a Time-of-Check / Time-of-Use issue in the Linux kernel in the exec system calls. The executability permissions are checked at a different time than the set-user-ID bit is applied. This could lead to privilege escalation.

https://github.com/google/security-research/security/advisories/GHSA-c45w-xwww-rfgg

#CVE202443882 #security #setuid #unix

Linux Kernel: TOCTOU in Exec System

### Summary There is a Time-of-Check / Time-of-Use issue in the Linux kernel in the exec system calls. The executability permissions are checked at a different time than the set-user-ID bit is app...

GitHub
Ben CardoenJul 12, 2024
Interesting way to omit setuid (sudo/su) by using ssh on a socket instead (+yubikey) by @siosm https://tim.siosm.fr/blog/2023/12/19/ssh-over-unix-socket/ #linux #setuid #SSH #opensource
sudo without a setuid binary or SSH over a UNIX socket

In this post, I will detail how to replace sudo (a setuid binary) by using SSH over a local UNIX socket. I am of the opinion that setuid/setgid binaries are a UNIX legacy that should be deprecated. I will explain the security reasons behind that statement in a future post. This is related to the work of the Confined Users SIG in Fedora.

Siosm's blog
raptor May 7, 2023

#Parallels Desktop has a couple of #setuid binaries: prl_update_helper and Parallels Service. Both binaries run with root privileges and both invoke #bash scripts to run commands with the privileges of root. For such use cases, bash specifically provides a privileged mode using the “-p” flag. Parallels Desktop prior to version 18.1.0 does not take advantage of bash privileged mode, nor does it filter untrusted environment variables. This leads to #local #privilege #escalation.”

https://www.thezdi.com/blog/2023/4/5/bash-privileged-mode-vulnerabilities-in-parallels-desktop-and-cdpath-handling-in-macos

Zero Day Initiative — Bash Privileged-Mode Vulnerabilities in Parallels Desktop and CDPATH Handling in MacOS

In the last few years, we have seen multiple vulnerabilities in Parallels Desktop leading to virtual machine escapes. Interested readers can check our previous blog posts about vulnerabilities across interfaces such as RDPMC hypercalls , the Parallels ToolGate, and the VGA virtual device . This

Zero Day Initiative
MaInKiVi  Apr 16, 2023

Nueva entrada al #blog, hoy sin video, para explicar los tres permisos especiales de #linux : #setuid, #setgid y #StickyBit. Como siempre desde el #servidor @fedora

https://mainkivi.info/wordpress/?p=1431

Permisos especiales en Linux: setuid, segid y sticky bit – MAINKIVI

raptor Feb 10, 2023

As it turns out, the #setuid bit in #Unix was invented by Dennis Ritchie to prevent false updates to the moo game leaderboard 🤯 #Unix #history

https://minnie.tuhs.org/pipermail/tuhs/2023-February/027644.html

[TUHS] Unix game origins - stories similar to Crowther's Adventure