You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I ran the app (release v0.0.1, AMD) on Kubuntu 20.10. Without "-p", it finds nothing. With "-p", everything in bin at least is flagged as exploitable. I am left wondering what any of this means, and what I do/don't need to fix in my system.
I tried adding a dangerous file with 777 and SUID permissions to my /bin directory; traitor without "-p" didn't flag it as dangerous.
Perhaps you could add to the README: run without "-p", then if no threats found, create file SOMETHING with permissions NNN and run again without "-p", see it reported as a threat. Or some other simple example of a deliberate threat.
Perhaps you could add to each exploitable case: some brief indication of what is wrong. For example, when run with "-p", it says "man" is exploitable on my machine, and pops a root shell. But I am left with no reason why, or how to fix it. /bin/man seems to have proper permissions on my machine. Is the vulnerability elsewhere ? How do I fix it ? Is there any vulnerability at all ?
Thanks.
The text was updated successfully, but these errors were encountered:
I ran the app (release v0.0.1, AMD) on Kubuntu 20.10. Without "-p", it finds nothing. With "-p", everything in bin at least is flagged as exploitable. I am left wondering what any of this means, and what I do/don't need to fix in my system.
I tried adding a dangerous file with 777 and SUID permissions to my /bin directory; traitor without "-p" didn't flag it as dangerous.
Perhaps you could add to the README: run without "-p", then if no threats found, create file SOMETHING with permissions NNN and run again without "-p", see it reported as a threat. Or some other simple example of a deliberate threat.
Perhaps you could add to each exploitable case: some brief indication of what is wrong. For example, when run with "-p", it says "man" is exploitable on my machine, and pops a root shell. But I am left with no reason why, or how to fix it. /bin/man seems to have proper permissions on my machine. Is the vulnerability elsewhere ? How do I fix it ? Is there any vulnerability at all ?
Thanks.
The text was updated successfully, but these errors were encountered: