334
submitted 2 months ago by Flax_vert@feddit.uk to c/selfhosted@lemmy.world
you are viewing a single comment's thread
view the rest of the comments
[-] purplemonkeymad@programming.dev 14 points 2 months ago

Yea I didn't think the post was that professional. Also the "unminified" version is just the minified with more white space. It still has poor names and no explanation of the binary blob.

[-] jj4211@lemmy.world 2 points 2 months ago

Looking at the binary blob, it's a payload to assume privileges as possible and exec sh. So replace su with that and the binary gets to use su's filesystem privileges without needing access to actually write it.

The vulnerability part is when the door opens to replace any file's read cache with arbitrary content. The binary payload is just an obvious example of the sort of payload that could do a ton of damage.

[-] WhyJiffie@sh.itjust.works 1 points 2 months ago

tbh they could have boasted even less bytes by just having everything in a zlib.decompress()

this post was submitted on 30 Apr 2026
334 points (98.3% liked)

Selfhosted

60526 readers
695 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

  8. AI-related discussions and AI-involved promotional posts have additional requirements for tagging, as noted in Rule 7 and the AI & Promotional Post Expanded Rules post.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS