Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> Why can your browser run sudo? ...Suppose only your SSH client had the operation required to use your SSH keys.

Perhaps I’m missing something, but why could a malicious application (say, Chrome in the context of a browser running sudo) not also include the capability to access the file system with impunity?

It seems that Hydra simply turns the technical problem of managing filesystem protections into a political one, of auditing the applications we use; which may have been practical in the 80’s, but is now demonstrably a failed method of protecting user data.



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: