On 14/05/18 07:44, Richard Owlett wrote:
> On 05/13/2018 09:09 AM, to...@tuxteam.de wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On Sun, May 13, 2018 at 08:18:26AM -0500, Richard Owlett wrote:
>>> The underlying problem is not understanding what I read concerning
>>> sudo &/or /etc/sudoers (*INCLUDING* man pages).
>>>
>>> Only *ONE* individual has physical access to my _personal_ machine.
>>> Therefore, any distinction between 'richard' and 'root' is
>>> inherently artificial.
>>
>> Not so fast. A small flaw in your browser might allow it to run as
>> you and try some shenanigan as root: you'd notice it by "something"
>> asking for your credentials unexpectedly...
>
> You have moths in your logic (cf.
> https://en.wikipedia.org/wiki/Grace_Hopper):
> Moth, the first:
> When asked for unexpected permission, "Just say NO"
> [If doubtful, then dirty ;]

If you don't require a password, it won't need to ask permission, will
it? So you don't notice.

> Moth, the second:
> What if I had been logged in as root?

Running a browser as root? Same as above, but worse.

Richard
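Added example (not part of the original message): the reply's point is that a passwordless sudo rule removes the prompt that would reveal an unexpected escalation attempt. This shell function lists such rules in sudoers-format text; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: report sudoers entries that let sudo run without a password
# prompt. Reads sudoers-format text on stdin and prints "kind<TAB>entry".
# Assumption: #include/#includedir files are not followed; audit them separately.
find_nopasswd() {
    awk '
    # Join backslash-continued lines into one logical line.
    /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
    { line = buf $0; buf = "" }
    # Skip blank lines and comments; "#<digits>" is a uid user spec, not a comment.
    line ~ /^[ \t]*(#([^0-9]|$)|$)/ { next }
    # "Defaults ... !authenticate" turns the prompt off globally or per user.
    line ~ /^[ \t]*Defaults/ {
        if (line ~ /!authenticate/) print "defaults\t" line
        next
    }
    # The NOPASSWD tag turns the prompt off for the commands that follow it.
    line ~ /NOPASSWD[ \t]*:/ { print "rule\t" line }
    '
}

# Constructed sample input, not taken from the thread.
sample_sudoers() {
    cat <<'EOF'
# /etc/sudoers (constructed sample)
Defaults env_reset
root    ALL=(ALL:ALL) ALL
richard ALL=(ALL) NOPASSWD: ALL
%sudo   ALL=(ALL:ALL) ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync, \
        /bin/tar
Defaults:richard !authenticate
EOF
}

# Stand-alone run over the sample. On a real system, feed it the live policy
# as root instead, e.g.: cat /etc/sudoers /etc/sudoers.d/* | find_nopasswd
sample_sudoers | find_nopasswd
```

Entries it reports are the ones where a process running as that user can become root without anything asking for credentials.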