
Keybase advisory: Local Privilege Escalation on Linux via Keybase-Redirector - Leace
https://keybase.io/docs/secadv/kb002
======
saagarjha
Running exec.Command in a setuid binary sounds like a pretty horrible thing to
do from a security perspective. If you have any of these in your software,
please consider rethinking if you really need them or could do with something
that doesn't have as many holes in it.

~~~
tinco
They probably weren't even aware that they were doing an exec.Command, as they
say they were using a go dependency for the mount behavior. Whoever wrote your
dependency might not have had your use case in mind when writing the library.
When you evaluate your dependencies you have take into account what
differences there are between the authors usecase, and yours.

It would be easy to say that dependencies are a bad thing, especially when
writing programs that are run as root or even suid, but there's no reason to
assume the same mistake would not have been made if they wrote the mounting
code themselves.

The big lesson should be that there should always be an explicit step to your
software development process that is to evaluate the security characteristics
of your program. Of course, it should always also be on your mind while
writing code, but there's so many layers you depend on, and so many things you
might not think of.

------
synaesthesisx
I know it's just FUSE but I don't see advantages to mounting the Keybase
filesystem on Linux/Mac. Seems like it would open some unnecessary doors like
this one.

~~~
eridius
The advantage is it means arbitrary programs can then interact with the
Keybase filesystem, as opposed to having to manually copy the files you want
to/from it.

------
thomasvendetta
Worth noting there is also an advisory for MacOS:
[https://keybase.io/docs/secadv/kb001](https://keybase.io/docs/secadv/kb001)

~~~
jfaat
Also worth noting this was fixed in September.

