I’m not following your logic. How does the malicious-but-unprivileged user have ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		KerrAvon on Jan 29, 2024 \| parent \| context \| favorite \| on: Try to make sudo less vulnerable to Rowhammer atta... I’m not following your logic. How does the malicious-but-unprivileged user have write access to anywhere in the sysadmin’s PATH?

cedws on Jan 29, 2024 [–]

The 'exploit' runs under the sysadmin's user. It gets there when the sysadmin inadvertently installs something malicious under their own user, or something they're running is exploited for example.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact