search

contolini / pizza-party

Proof-of-concept npm worm
https://contolini.com/building-an-npm-worm
GNU General Public License v3.0
10 stars 0 forks source link

The exploits does not work on Linux #1

Open DavidBruant opened 8 years ago

DavidBruant commented 8 years ago

and I'm not only referring to the opener part. It seems that it doesn't even do the npm version patch (which I've found surprising)

contolini commented 8 years ago

Thanks for the heads up @DavidBruant. I'll add a disclaimer to the readme. The code is fairly old and admittedly poorly-tested. I'm not super keen on getting it working (for obvious reasons).

DavidBruant commented 8 years ago

I'm not super keen on getting it working (for obvious reasons).

Bluh... of course indeed :-p I'm playing around with the idea of solving the worm problem via docker containment https://github.com/DavidBruant/contained-node (repo is a mess for now) and the POC was interesting to me to prove that my fix works, but I'll do a simpler version. No need to fix yours on Linux.

Thanks!

contolini commented 8 years ago

@DavidBruant Ah, very cool! I'll try and find some free time today to tinker with it.

DavidBruant commented 8 years ago

It's really not ready... well... I do have a fix right now because .npmrc is not shared in the container; easy fix that doesn't solve the deeper problem. I'm working on fixing on of the deeper problems at https://github.com/DavidBruant/contained-node/issues/1 (but oh boy it's hard so far).