Hacker News new | ask | show | jobs
by drdexebtjl 5 hours ago
Not all package managers require root.

But yeah, maybe through an exploit with a narrow reach. Once in, the malware can veto security updates and escalate to full control.
1 comments
self_awareness 5 hours ago
With root, malware can reach out to UEFI anyway, and can do whatever it likes.
link