theshit Command-Line Utility Privilege Escalation Vulnerability
Vulnerability
A local privilege escalation vulnerability has been identified in theshit, a command-line utility that detects and corrects common errors in shell commands. The issue arises in versions prior to 0.1.1, where the application loads custom Python rules and configuration files from user-writable locations, such as ~/.config/theshit/, without verifying ownership or permissions. When executed with elevated privileges, the tool trusts these files from the unprivileged user's environment, allowing a local attacker to inject arbitrary Python code through a malicious rule or configuration file, which is then executed with root privileges. This vulnerability affects any system where theshit is run with sudo or as the root user. In environments where theshit can be executed via sudo without a password, a local unprivileged user can escalate privileges to root without additional interaction.
Impact
Exploitation of this vulnerability allows for local privilege escalation, with arbitrary code execution as root.
Remediation
Users can upgrade to theshit version 0.1.1, which addresses the vulnerability by implementing strict ownership and permission checks for all configuration files and custom rules. If upgrading is not possible, users should avoid running the application with sudo or as the root user. As a temporary measure, ensure that directories containing custom rules and configuration files are owned by root and not writable by non-root users. Administrators may also audit existing custom rules before running theshit with elevated privileges.
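The temporary measure above can be checked mechanically. The following is an added example, not code from theshit or its 0.1.1 fix: a Python audit that reports every entry under a rules or configuration directory (such as ~/.config/theshit/) that is not owned by the trusted uid, is group- or world-writable, or is a symlink. The function names, the sample files and the choice to flag symlinks are assumptions of this example.

```python
import os
import stat
import tempfile

def audit_tree(root, trusted_uid=0):
    """Return (path, problem) for each entry under root that a user other
    than trusted_uid could modify or redirect."""
    findings = []

    def check(path):
        st = os.lstat(path)  # lstat: inspect the link itself, not its target
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "symlink"))
            return
        if st.st_uid != trusted_uid:
            findings.append((path, f"owned by uid {st.st_uid}"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((path, "group/world-writable"))

    check(root)
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow symlinks
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return findings

def demo():
    """Constructed sample: one safe rule, one world-writable rule, one symlink."""
    me = os.geteuid()  # stands in for root so the demo runs unprivileged
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o755)
        good = os.path.join(d, "good_rule.py")
        bad = os.path.join(d, "bad_rule.py")
        for p in (good, bad):
            with open(p, "w") as f:
                f.write("# constructed sample rule\n")
        os.chmod(good, 0o644)
        os.chmod(bad, 0o666)
        os.symlink(good, os.path.join(d, "linked_rule.py"))
        found = audit_tree(d, trusted_uid=me)
        return sorted((os.path.basename(p), why) for p, why in found)

if __name__ == "__main__":
    for name, why in demo():
        print(name, "->", why)
```

A user who can write to a parent directory can still replace the whole tree, so the same check applies to each ancestor of the audited directory.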
