Web lists-archives.com

Re: Running GParted and Synaptic without entering password




On Sun 13 May 2018 at 14:44:14 (-0500), Richard Owlett wrote:
> On 05/13/2018 09:09 AM, tomas@xxxxxxxxxx wrote:
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA1
> >
> >On Sun, May 13, 2018 at 08:18:26AM -0500, Richard Owlett wrote:
> >>The underlying problem is not understanding what I read concerning
> >>sudo &/or /etc/sudoers (*INCLUDING* man pages).
> >>
> >>Only *ONE* individual has physical access to my _personal_ machine.
> >>Therefore, any distinction between 'richard' and 'root' is
> >>inherently artificial.
> >
> >Not so fast. A small flaw in your browser might allow it to run as
> >you and try some shenanigan as root: you'd notice it by "something"
> >asking for your credentials unexpectedly...
> 
> You have moths in your logic (cf.
> https://en.wikipedia.org/wiki/Grace_Hopper):
>   Moth, the first:
>       When asked for unexpected permission, "Just say NO"
>       [If doubtful, then dirty ;]
>   Moth, the second:
>       What if I had been logged in as root?

Then why worry about running synaptic yourself? Every compromised site
you visit will be installing software on your machine and taking it over.
Sit back, watch the action, or go and find your installation CD.

I think we've been here before …

>   2. If my original question has details, the responses I get can be
>      summed up by somebody's signature tag line -"Universal advice --
>      DON'T do that".

That's right.

Cheers,
David.