https://wh0.github.io/2021/10/10/glitch-git-import.html
In May, I discovered two root privilege escalation vulnerabilities that took advantage of this Git import service. Glitch has now fully removed this service.
This was a fun time. I finally learned about just why there are two separate chown
and lchown
functions. And I learned a lot about how git clone
works internally and how it communicates with a “dumb HTTP” type remote server. And not the least of which, I got to play around and see what evil things an attacker with root access could do, the findings from which I’d also like to recount for you after the related issues are fixed.