this post was submitted on 11 Nov 2024
-34 points (22.6% liked)

Linuxsucks

183 readers
60 users here now

Shit on Desktop Linux and its evangelists here

No evangelizing for Linux

founded 1 month ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] milicent_bystandr@lemm.ee 6 points 1 week ago

You are not the only one able to execute code under your user's name. A normally installed program, running under your directive as user, can run other commands under your authority as user.

But it can't run as root. You can run things as root via sudo, when you prove your identity as yourself - with the password - rather than another program operating in your name.

Passwordless sudo I think could be exploited e.g. by writing a script and passing it to bash.

(Or, as another reply pointed out, it provides a barrier against moderate malice of a passer-by or a 'friend' temporarily using your computer.)