I’m frustrated. I’m a long time fan of Motorola. Their phones have been pretty simple and easy to remove junk apps. Recently I got an update that forced perplexity on my phone.

  • jeff_hykin@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    1 month ago

    Yeah try it. It is concerningly easy. Write a program that edits the users bashrc/zshrc. Have it append a line that adds something to the front of the path, and have it shim sudo. You can even have it forward the password to the real sudo.

    Instead of waiting for the user to open another shell, you can also open a subshell. (E.g. your malicious program never returns/exits, it just appears to exit by opening a subshell witj the modified path)

    • ScoffingLizard@lemmy.dbzer0.com
      link
      fedilink
      arrow-up
      1
      ·
      1 month ago

      Aaaaaand, now I want to check the source code of all git repos before doing a git clone. Damn. Yeah, Ill test it out. Thanks for the heads up. Now I know why it’s so dumb to run yay as root.