CVE-2016-2779

Published: 07/02/2017 Updated: 04/01/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 644
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

Vulnerable Product

kernel util-linux 2.24.2-1

Vendor Advisories

Debian Bug report logs - #850702 CVE-2017-5226 -- bubblewrap escape. Package: bubblewrap; Maintainer for bubblewrap is Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>; Source for bubblewrap is src:bubblewrap (PTS, buildd, popcon). Reported by: up201407890@alunos.dcc.fc.up.pt Date: Mon, 9 Jan 2017 13 ...
Debian Bug report logs - #838599 policycoreutils: CVE-2016-7545: SELinux sandbox escape via TIOCSTI ioctl. Package: policycoreutils; Maintainer for policycoreutils is Debian SELinux maintainers <selinux-devel@lists.alioth.debian.org>; Source for policycoreutils is src:policycoreutils (PTS, buildd, popcon). Reported by: up20140 ...
Debian Bug report logs - #815922 util-linux: CVE-2016-2779: runuser tty hijacking via TIOCSTI ioctl. Package: util-linux; Maintainer for util-linux is LaMont Jones <lamont@debian.org>; Source for util-linux is src:util-linux (PTS, buildd, popcon). Reported by: up201407890@alunos.dcc.fc.up.pt Date: Thu, 25 Feb 2016 18:54:02 U ...
Debian Bug report logs - #628843 login: tty hijacking possible in "su" via TIOCSTI ioctl. Package: src:shadow; Maintainer for src:shadow is Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>; Reported by: Daniel Ruoso <daniel@ruoso.com> Date: Wed, 1 Jun 2011 19:27:02 UTC Severity: important Tags: c ...

Github Repositories

Yet Another Switch User

This repository is a fork of tianon/gosu and renamed to avoid confusion as asked by the main maintainer. See tianon/gosu#82 (comment). yasu because it's Yet Another Switch User. The main purpose of this fork is to ha

Simple Go-based setuid+setgid+setgroups+exec

gosu: This is a simple tool grown out of the simple fact that su and sudo have very strange and often annoying TTY and signal-forwarding behavior. They're also somewhat complex to set up and use (especially in the case of sudo), which allows for a great deal of expressivity, but falls flat if all you need is "run this specific application as this specific user and get

Trivy setup using your CI tools

Set up Trivy in CI/CD tools. Trivy is an image vulnerability scanner. It detects vulnerabilities in OS packages and application dependencies. Test Trivy on macOS. Pull image: docker pull aquasec/trivy. Scan your image: docker run --rm -v $HOME/Library/Caches:/root/cache/ aquasec/trivy [YOUR_IMAGE_NAME]

A small Python utility for wrapping some CNCF tools.

secpod_wrap. Description: A small Python utility for wrapping some CNCF tools. At the moment it wraps Trivy of Aqua Security, stores in SQLite the CVEs of running pods, and reports their owners (Jobs, StatefulSets, Deployments,). Usage: Store in SQLite a vulnerability detection related to running pods: export K8S_TOKEN="" export K8S_URL="1921685899:6443" /se

run programs and scripts suid

Warning! See "Security" section at the end. SUID: Somewhat an inverse to sudo but with security first. Usage: git clone https://github.com/hilbix/suid.git; cd suid; make; sudo make install. Afterwards you can run something as: suid command args. suid is inverse to sudo in the sense, that sudo