Comment by arcfour
11 hours ago
Maybe sudoers is configured to allow you to run base64 as root. Why would someone do this? No idea. But if you are in such a situation, now you know how to bypass the intended permissions and read any file on the system.
Or maybe you give Claude Code permission to run `base64` without review, without realizing this lets it read any file, including maybe your secrets in .env or something.
The former happens a lot when people try to block specific commands for sudo, instead of taking a "permit these only" approach. If your sudoers file says you can access "all these commands but not cat", the site points out that you can still use base64 to accomplish the same ends. The effective solution is to start from "you can run exactly these commands and no others", which at least allows you to reason about what the user can and can't do.
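An added example, not part of the comment above: a small audit that classifies sudoers rules as denylist ("ALL except ...") or allowlist, and reports whether a probe command such as base64 would still run as root under each rule. The sample sudoers text, the user names and the `/usr/bin/base64` path are constructed assumptions, and the parser is a simplified model of sudoers (it ignores rule ordering, escaped commas and include files).

```python
import re

# Constructed sudoers content for illustration (not from the original comment).
SAMPLE = r"""
Defaults env_reset
Cmnd_Alias READERS = /bin/cat, /usr/bin/less, \
                     /usr/bin/more
alice ALL = (root) ALL, !/bin/cat
bob   ALL = (root) NOPASSWD: ALL, !READERS
carol ALL = (root) /usr/bin/systemctl restart nginx, /usr/bin/journalctl -u nginx
"""

# Strips an optional "(runas)" spec and any "TAG:" prefixes from a command entry.
PREFIX = re.compile(r"^(?:\([^)]*\)\s*)?(?:[A-Z_]+:\s*)*")

def audit(text, probe="/usr/bin/base64"):
    """Map each user to (rule style, whether `probe` may still run via sudo)."""
    aliases, report = {}, {}
    joined = re.sub(r"\\\n\s*", " ", text)  # join backslash continuation lines
    for line in map(str.strip, joined.splitlines()):
        if not line or line.startswith(("#", "Defaults")) or "=" not in line:
            continue
        left, _, right = line.partition("=")
        items = [PREFIX.sub("", c.strip()) for c in right.split(",")]
        if left.startswith("Cmnd_Alias"):
            aliases[left.split()[1]] = items
            continue
        if left.split()[0].endswith("_Alias"):
            continue  # user/host/runas aliases are out of scope here
        allowed, denied = set(), set()
        for item in items:
            bucket = denied if item.startswith("!") else allowed
            name = item.lstrip("!")
            bucket.update(aliases.get(name, [name]))  # expand Cmnd_Alias names
        if "ALL" in allowed:
            # "ALL, !x" only removes the named binaries; everything else stays.
            style = "denylist" if denied else "unrestricted"
            can_run = probe not in denied
        else:
            style = "allowlist"
            can_run = any(c.split()[0] == probe for c in allowed)
        report[left.split()[0]] = (style, can_run)
    return report

if __name__ == "__main__":
    for user, (style, can_run) in audit(SAMPLE).items():
        print(f"{user}: {style}, base64 as root: {can_run}")
```

Rules reported as `denylist` are the ones to rewrite as explicit command lists, since only an allowlist rule gives a bounded answer to what the user can run.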