4

Is it just me or does this smell
like privilege escalation?

https://github.com/hugojosefson/...

Comments
  • 4
    1. It uses shell access. If you grant a Deno (or otherwise sandboxed) program shell access, you've implicitly granted all other permissions that a non-sandboxed program would have.

    2. To achieve admin access, it calls sudo, which prompts the user with a rather self-explanatory message:

    [sudo] password for electra:

    unless you've enabled passwordless sudo. Passwordless sudo is literally a privilege escalation.
  • 1
    @lbfalvy But if I understand this correctly, an unprivileged process can send this root process a command to run, and the root process executes that command?
  • 1
    @jonas-w If I read the code correctly, the host process holds onto the privileged child's STDIN, so others can't send messages. I don't see a vulnerability but I don't know Deno so maybe you're seeing something I'm not.
  • 1
    @lbfalvy But wouldn't this allow a developer that uses this module to mistakenly expose the commands (the ones sent to the sudo process) to modification by something else?
  • 2
    @ElectroArchiver I'm really not sure about this part, but it looks like the code is quite well separated in the interface from the commands, which are just calls to functions you defined explicitly in the privileged module. I wouldn't trust that it can resist an ACE in the parent, but overall it looks safe.
  • 2
    @ElectroArchiver But in general, if you give your password to a program's sudo request, you implicitly trust it not to contain an ACE.
  • 2
    @lbfalvy No, I pray they didn't fuck up hehe
  • 0
    @lbfalvy What's an ACE?
  • 3
    @ElectroArchiver Yes, any privileged process runs the risk of escalating permissions if it has bugs, but with two processes like this the root process must parse and validate the command before executing it.

    If you for example allowed unrestricted console execution, you have definitely left the keys in the lock ;)

    But with good validation it's not very different from any web API that has to do the same :)
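An added example of the validation layer the comment above describes, written for this page and not taken from the linked repository: the privileged child reads one JSON message per line from the stdin its unprivileged parent holds, and only dispatches to explicitly registered functions whose arguments pass a conservative shape check. The transport (parent spawning the child under `sudo` with a piped stdin) is assumed and not shown; the handler names, the two operations and the sample messages are all constructed for illustration. For contrast, `unrestrictedShellLine` builds the string that the "keys in the lock" variant would hand to `sh -c`, without executing anything.

```typescript
// Added example, not code from the linked repository. Shows only the
// parse/validate/dispatch step of a privileged child; the sudo transport
// (parent holding the child's stdin) is assumed. Runs under Deno or Node.

type Handler = (args: Record<string, unknown>) => string[];
type Result = { ok: true; argv: string[] } | { ok: false; error: string };

// Allowed shapes for the only argument kinds these handlers accept.
const UNIT_NAME = /^[A-Za-z0-9_.@-]+$/;
const LOG_FILE = /^[A-Za-z0-9_.-]+$/; // no "/", so no "../" traversal

function requireString(args: Record<string, unknown>, key: string, shape: RegExp): string {
  const v = args[key];
  if (typeof v !== "string" || !shape.test(v)) {
    throw new Error(`invalid ${key}: ${JSON.stringify(v)}`);
  }
  return v;
}

// The privileged operations are exactly the keys of this Map. A Map rather
// than a plain object means names such as "constructor" or "__proto__"
// cannot resolve to something inherited from Object.prototype.
// (Hypothetical operations, chosen for the example.)
const handlers = new Map<string, Handler>([
  ["restartService", (args) => ["systemctl", "restart", requireString(args, "unit", UNIT_NAME)]],
  ["readLog", (args) => ["cat", `/var/log/${requireString(args, "file", LOG_FILE)}`]],
]);

// Parse and validate one message. Returns an argv array the caller would
// exec directly (no shell), or a structured error. Nothing is executed here.
function dispatch(line: string): Result {
  let msg: unknown;
  try {
    msg = JSON.parse(line);
  } catch {
    return { ok: false, error: "message is not valid JSON" };
  }
  if (typeof msg !== "object" || msg === null || Array.isArray(msg)) {
    return { ok: false, error: "message must be a JSON object" };
  }
  const { cmd, args } = msg as { cmd?: unknown; args?: unknown };
  if (typeof cmd !== "string" || !handlers.has(cmd)) {
    return { ok: false, error: `unknown command: ${JSON.stringify(cmd)}` };
  }
  if (typeof args !== "object" || args === null || Array.isArray(args)) {
    return { ok: false, error: "args must be a JSON object" };
  }
  try {
    return { ok: true, argv: handlers.get(cmd)!(args as Record<string, unknown>) };
  } catch (e) {
    return { ok: false, error: (e as Error).message };
  }
}

// The "keys in the lock" anti-pattern, for contrast only: the privileged side
// concatenates the received value into a shell command line. Returns the string
// that would reach `sh -c`; it deliberately executes nothing.
function unrestrictedShellLine(line: string): string {
  const { args } = JSON.parse(line) as { args: { unit: string } };
  return `systemctl restart ${args.unit}`; // under sh -c, "; rm -rf /" is a second command
}

// Constructed sample messages, not captured from any real deployment.
const SAMPLE_MESSAGES = [
  '{"cmd":"restartService","args":{"unit":"nginx"}}',
  '{"cmd":"restartService","args":{"unit":"nginx; rm -rf /"}}',
  '{"cmd":"readLog","args":{"file":"../../etc/shadow"}}',
  '{"cmd":"constructor","args":{}}',
  '{"cmd":"sh","args":{"c":"id"}}',
  "not json at all",
];

for (const m of SAMPLE_MESSAGES) {
  console.log(m, "->", JSON.stringify(dispatch(m)));
}
```

Only the first sample yields an argv; the others are rejected before anything could run. The same `"nginx; rm -rf /"` payload, fed to `unrestrictedShellLine`, produces `systemctl restart nginx; rm -rf /`, which is the difference between an explicit function registry and unrestricted console execution.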
  • 4
    @netikras In this context: Arbitrary Code Execution