
What could go wrong? “Perl cgi html uploading linux kernel” - nanis
https://stackoverflow.com/q/44148502/100754
======
MichaelBurge
I can think of some convoluted scenarios where it's plausible(What if a
computer distributor had some private testing server that vendors could use to
test drivers?).

I can't think of a good reason for anybody that has to ask how to do it.

------
dTal
>solved it by adding in the visudo file a line thar www-data user needs no
password for sudo

Dear lord. SUID scripts have a bad reputation but that would have been a much
more secure solution. Now the attack surface is the entire of lighthttpd plus
any CGI scripts, which is much simpler to exploit than crafting a custom
malicious kernel module.

------
kbart
I have seen this in some cheap Chinese home routers.

------
dendisuhubdy
JIAHAHAAAAAAA

~~~
dang
Not here, please.

