I’m frustrated. I’m a long time fan of Motorola. Their phones have been pretty simple and easy to remove junk apps. Recently I got an update that forced perplexity on my phone.
I’m frustrated. I’m a long time fan of Motorola. Their phones have been pretty simple and easy to remove junk apps. Recently I got an update that forced perplexity on my phone.
Wait, what? Like there are no protections on PATH and you’re saying that sudo can be hijacked and replaced with simething that does the same thing but with a keylogger.
Yeah try it. It is concerningly easy. Write a program that edits the users bashrc/zshrc. Have it append a line that adds something to the front of the path, and have it shim sudo. You can even have it forward the password to the real sudo.
Instead of waiting for the user to open another shell, you can also open a subshell. (E.g. your malicious program never returns/exits, it just appears to exit by opening a subshell witj the modified path)
Aaaaaand, now I want to check the source code of all git repos before doing a git clone. Damn. Yeah, Ill test it out. Thanks for the heads up. Now I know why it’s so dumb to run yay as root.