It's mildly interesting that they didn't call exec() and parse the elf manually, but that's about it.
That is what os dangerous, especially with containers where people run with the container root with elevated privileges.
With ollama, llama.cpp, and many other often agent containers that will run arbitrary code, and are running with the ability to bypass MACs, plus the fact that vfs and IPC isn’t really namespaces away it is complicated.
When you can’t even convince popular funded projects to add ‘USER foo’ to a dockerfile, this method is trivial.
If you looked into the state of lsms and how every complicated or difficult project is basically unconstrained it should be concerning.
~15 lines of c and ld_preload gets you privileged user namespaces on Debian based systems because of busybox as an example, which is a required package yet privileged in apparmor
tux3•1h ago
If you have arbitrary code execution, you can execute more arbitrary code on disk without calling exec. Better yet if you care about stealth is to not touch the disk at all, and keep everything in memory, downloading your next stage from a server directly into RAM.