Theo de Raadt writes:
> "Stephane HUC \"PengouinBSD\"" <b...@stephane-huc.net> wrote:
>
> > Hi, Tom. Ty for your reply.
> > 
> > On my file /etc/doas.conf, i've only one line, as:
> > 
> > "permit nopass setenv { ENV PS1 SSH_AUTH_SOCK } :wheel"
                                    ^^^^^^^^^^^^^

> So a javascript exploit in your browser can perform a rm -rf.

... everywhere.

Matthew

Reply via email to