by laumars
3686 days ago
The backdoor is `sudo` and if you allow passwordless `sudo` then any program you execute has permissions to run code as root. If you require a password to `sudo` then there's less of an issue as even the LetsEncrypt client would require you to grant permissions to `apt-get`. That all said, it's still bad form to `apt-get -y` when run with a `--help` flag. Particularly with the `-y` flag. Even if you trust LetsEncrypt (and most of us would), it's still unexpected / non-idiomatic behavior and the `-y` flag means users don't get much time to cancel the operation should any output concern them.