On Wed, Aug 11, 2021 at 11:30:27PM -0400, Timothy M Butterworth wrote: > I just ran across this article > https://blog.ikuamike.io/posts/2021/package_managers_privesc/ I tested > the attacks on Debian 11 and they work successfully giving me a root > shell prompt. I don't think calling this "privilege escalation" or "attack" is correct. The premise of the post is "the user should not be a root/admin user but has been assigned sudo permissions to run the package manager" and one doesn't really need a long article to prove that it's not secure.
-- WBR, wRAR
signature.asc
Description: PGP signature