Web lists-archives.com

Re: Running GParted and Synaptic without entering password

On 14/05/18 07:44, Richard Owlett wrote:
> On 05/13/2018 09:09 AM, tomas@xxxxxxxxxx wrote:
>> Hash: SHA1
>> On Sun, May 13, 2018 at 08:18:26AM -0500, Richard Owlett wrote:
>>> The underlying problem is not understanding what I read concerning
>>> sudo &/or /etc/sudoers (*INCLUDING* man pages).
>>> Only *ONE* individual has physical access to my _personal_ machine.
>>> Therefore, any distinction between 'richard' and 'root' is
>>> inherently artificial.
>> Not so fast. A small flaw in your browser might allow it to run as
>> you and try some shenanigan as root: you'd notice it by "something"
>> asking for your credentials unexpectedly...
> You have moths in your logic (cf.
> https://en.wikipedia.org/wiki/Grace_Hopper):
>   Moth, the first:
>       When asked for unexpected permission, "Just say NO"
>       [If doubtful, then dirty ;]

If you don't require a password, it won't need to ask permission, will
it? So you don't notice.

>   Moth, the second:
>       What if I had been logged in as root?

Running a browser as root? Same as above, but worse.


Attachment: signature.asc
Description: OpenPGP digital signature