|
|
|
|
|
|
by dangus
15 days ago
|
|
|
Maybe you don’t do anything with your computer but for me the difference between my sudo+password/fingerprint and sudoless access to my linux user is huge. For one thing, 1Password unlocks with system authentication unless it’s been inactive for a certain amount of time or if the system has been restarted. Without sudo you can’t modify my firewall rules, can’t modify my kernel, boot partition, install/run privileged software, and the list goes on and on. Sure, having my local account compromised would be really bad, but security is done in layers. I’m not going to give my local user permanent root access via docker just because I didn’t feel like typing “sudo.” That’s not enough of a benefit to leave that door wide open. Think about it this way: there could be an exploit where you could run something as my user without knowing my password. Maybe some program my user is running has an exploit, let’s say yet another npm package gets compromised and I unwittingly run it. If you can now run anything in docker as root with that blast radius just got way worse. |
|
|