undefined | Better HN

0 pointsantihero12y ago0 comments

Interestingly, you may have just fucked yourself, because the sudo session is maintained whilst launching Firefox.

If we create a script 1:

   #!/bin/sh
   echo "I'm doing something secure"

And then script 2:

   #!/bin/sh
   echo "I'm doing something insecure".
   sudo echo "I'm doing something malicious".

Then run:

  $ sudo ./script1.sh; ./script2.sh

Looks like Firefox has access to your banking user :)

0 comments

Not if sudo is set to only allow gnucash! :-)

j / k navigate · click thread line to collapse