On Linux realistically whatever user you installed the malicious NPM package with has access to everything you care about anyway.
I had an idea to always run 2 users, the "main" one (or more) and a "project one"... one could sudo to the project user, but that one could not sudo out... (npm would only be installed for the project user).
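One way to wire up the two-user idea from the comment above, as an added example that is not from the thread: a sudoers drop-in that lets the main account become the project account, while the project account gets no sudo rule at all. The user names `main` and `project` and the drop-in path are assumed placeholders.

```shell
#!/bin/sh
# Added example: "main" may sudo to "project", "project" cannot sudo out.
# User names are placeholders; adjust to your own accounts.
MAIN_USER=main
PROJECT_USER=project

# The only rule we install: MAIN may run any command, but only as PROJECT
# (never as root). PROJECT gets no rule and must not be in wheel/sudo groups,
# otherwise a package run as PROJECT could still escalate.
sudoers_fragment() {
    printf '%s ALL=(%s) NOPASSWD: ALL\n' "$MAIN_USER" "$PROJECT_USER"
}

# Pure check on the fragment text: does any rule start with this user?
# Returns 0 when the user is granted nothing by the fragment.
grants_nothing_to() {
    ! sudoers_fragment | grep -q "^$1 "
}

# Install the rule as root. Always validate with visudo first: a syntax error
# in /etc/sudoers.d/ can lock every account out of sudo.
install_rule() {
    tmp=$(mktemp) || return 1
    sudoers_fragment > "$tmp"
    if visudo -c -f "$tmp" >/dev/null 2>&1; then
        install -m 0440 -o root -g root "$tmp" "/etc/sudoers.d/$PROJECT_USER"
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Live check after installation: 'sudo -l -U user' prints what that user may
# run; the project user should have no "may run" entry at all.
project_cannot_sudo() {
    ! sudo -l -U "$PROJECT_USER" 2>/dev/null | grep -q 'may run'
}

# Switching into the project account from the main one, once installed:
#   sudo -u project -i
```

The live checks need root and a sudo installation; `grants_nothing_to` only inspects the generated fragment and can be run anywhere.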
Every user, since privesc is so easy on most operating systems.