Obviously I do trust most of the programs that I install to not be malicious, however, I do use npm as a package manager for my own projects which is commonly accepted to be a vector for malware due to the sheer number of dependencies each module and it's dependencies can have. I'm concerned that a malicious program that I install on the user level could then trick me into somehow giving up my sudo password through this method. ![]() In malicious hands this could probably be used to edit aliases or append a directory of the attackers choosing to the beginning of the $PATH. ![]() ![]() My understanding of user permissions is that any process spawned by my user will then have read/write permissions to this file.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |