On Thu, 2021-08-12 at 10:44 +0500, Andrey Rahmatullin wrote:
> On Wed, Aug 11, 2021 at 10:55:44PM -0500, Brian Thompson wrote:
> > Thank you for bringing this to everyone's attention. These are very
> > real vulnerabilities.
> How are they vulnerabilities?

They are vulnerabilities because the user is susceptible to this kind of attack by default. I don't think a lot of users are security-conscious enough to prevent sudo access for commands like apt and snap.

> > NPM has similar issues with stopping malicious packages from being
> > published to the FTP server.
> That's not what the article is about.

Correct, but NPM served as an anecdote for a point I was trying to make.

> Ah, so you haven't read the article.

No, I read the article.

-- 
Best regards,
Brian T.