Hacker News new | ask | show | jobs
by self_awareness 4 hours ago
And how a malware can use this if it's configured globally in a root:root owned config file?
1 comments
drdexebtjl 4 hours ago
Not all package managers require root.

But yeah, maybe through an exploit with a narrow reach. Once in, the malware can veto security updates and escalate to full control.

link
self_awareness 3 hours ago
With root, malware can reach out to UEFI anyway, and can do whatever it likes.
link