Comment by criddell
1 day ago
On Linux, would something like Snap or Flatpak have protected them? It seems nuts that a random executable should have access to the password service.
1 day ago
On Linux, would something like Snap or Flatpak have protected them? It seems nuts that a random executable should have access to the password service.
Ultimately it depends on the exact mechanism here, maybe the tool/README said "Run sudo ./setup-deps" and they followed it, or something similar, not sure any sort of software isolation would have helped at that point.
Yes if the flatpak sandboxing is enabled. A flatpak can just request access to anything, the software store thing shows a bunch of scary warnings when they do this but many users probably ignore them.