Comment by CGamesPlay
8 hours ago
> if your model is that linux is just about single-user desktops, this local exploit isn't too bad.
For example, if you have passwordless sudo, you've already got a widely known LPE vulnerability lurking on your system.
Only for your user, and it means a keylogger on the system if it gets rooted can't pull your password to try on other machines. Personally I always either log in as root or use passwordless sudo.
Yubikeys are also surprisingly annoying when set up for the as well. A working developer just needs sudo a lot.
Realistically a "sudo button" would be handy, on the keyboard, with a display to show a confirmation pin for the request (probably also needs a deny button so you can try and identify weird ones).
Sounds like a good use case for that new Copilot button you see on newer keyboards.
Hmm, have I missed anything?
Any program on your computer can just run "sudo" to escalate itself.
The problem is not the passwordless sudo but running untrusted programs on your computer under your user. They don’t need sudo to steal your SSH keys or inject malicious code in your .bashrc.
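As an added example that is not part of any comment above, the following POSIX shell script audits the two things the thread is arguing about from a single user's point of view: whether that user has passwordless sudo (using sudo's real `-n` flag, which fails instead of prompting when a password would be needed), and whether a user-writable shell startup file contains the kind of lines an unprivileged implant would drop to capture a sudo password or shadow the sudo binary. The `~/.bashrc` content it scans is constructed here for illustration; the patterns, function names and the choice of indicators are the author's assumptions, not anything quoted from the commenters.

```shell
#!/bin/sh
# Added example: audit one user's exposure to passwordless sudo and to
# poisoned shell startup files. Not taken from the thread above.

# Return 0 if the current user can run sudo without a password.
# sudo -n never prompts: it exits non-zero when a password would be required,
# so this is safe to call from a non-interactive script.
has_passwordless_sudo() {
    command -v sudo >/dev/null 2>&1 || return 1
    sudo -n true >/dev/null 2>&1
}

# Print lines of a startup file that match common user-level hijack indicators:
#   - an alias or shell function named sudo (password-capturing wrapper)
#   - PATH prepended with a directory the user (and so any of their processes) can write
#   - LD_PRELOAD set for every interactive shell
#   - curl-to-shell one-liners
# Exit status is grep's: 0 if anything matched, 1 if nothing did.
scan_rc_file() {
    rc="$1"
    [ -r "$rc" ] || return 1
    grep -nE \
        -e 'alias[[:space:]]+sudo=' \
        -e '^[[:space:]]*(function[[:space:]]+)?sudo[[:space:]]*\(\)' \
        -e 'PATH="?(\$HOME|~|/tmp)' \
        -e 'LD_PRELOAD=' \
        -e 'curl[^|]*\|[[:space:]]*(ba)?sh' \
        "$rc"
}

# Number of suspicious lines in a startup file (0 when clean or unreadable).
rc_hijack_count() {
    scan_rc_file "$1" | wc -l | tr -d ' '
}

# Write a constructed sample ~/.bashrc to a temp file and print its path.
# This is an assumed, illustrative implant payload, not a real observed one.
write_sample_rc() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed sample: what a user-level implant might append to ~/.bashrc
export EDITOR=vim
alias sudo='/tmp/.cache/sudo'         # wrapper that logs the password, then execs real sudo
export PATH="$HOME/.local/bin:$PATH"  # user-writable dir searched before /usr/bin
EOF
    printf '%s\n' "$f"
}

# Stand-alone run: report on this account, then on the constructed sample.
if has_passwordless_sudo; then
    echo "passwordless sudo: YES (any process running as you can become root)"
else
    echo "passwordless sudo: no (or sudo unavailable)"
fi
sample=$(write_sample_rc)
echo "scanning constructed sample $sample:"
scan_rc_file "$sample" || echo "no hijack indicators"
echo "suspicious lines: $(rc_hijack_count "$sample")"
```

Run it as the user you care about; the sudo check must not be run under `sudo` itself. Note that the sample deliberately flags a `$HOME/.local/bin` PATH prepend even though many distributions ship that by default: it is precisely the line that lets a user-level process drop a fake `sudo` that is found before `/usr/bin/sudo`, which is the point the last comment makes about not needing root to do damage.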