[PlutoIsAPlanet]

> nevermind root. The apps have unrestricted access to your filesystem under the same privileges as your user

Easy to get root anyway, just add an alias to sudo to .bashrc and whenever the user follows an online instruction guide into fixing something they'll get root privileges.

or overwrite LD_PRELOAD for the user

or replace the users desktop files and pretend to be another application (because you can overwrite /usr/share/applications launchers in .local/share/applications)

[cassianoleal]

Wouldn't those attacks all require the user to have set up passwordless sudo?

[verall]

You can change sudo into an alias that steals your sudo password and then does whatever else.

Not that it makes a huge difference in practice, IMO. The apps most users run (i.e. distro apps) are plenty trusty for normal threat models. Apps that run real untrusted code (web browser) have their own sandboxes. And people with more serious threat models can run qubes or tails or whatever

[NewJazz]

Qubes is great.