this post was submitted on 11 Nov 2024
-34 points (22.6% liked)
Linuxsucks
183 readers
60 users here now
Shit on Desktop Linux and its evangelists here
No evangelizing for Linux
founded 1 month ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
You are not the only one able to execute code under your user's name. A normally installed program, running under your directive as user, can run other commands under your authority as user.
But it can't run as root. You can run things as root via sudo, when you prove your identity as yourself - with the password - rather than another program operating in your name.
Passwordless sudo I think could be exploited e.g. by writing a script and passing it to bash.
(Or, as another reply pointed out, it provides a barrier against moderate malice of a passer-by or a 'friend' temporarily using your computer.)