zlacker

[parent] [thread] 3 comments
1. 0x457+(OP)[view] [source] 2023-04-06 01:07:48
Honestly...I'm far for afraid of my $HOME being uploaded somewhere. You don't need "run as administrator" for that.
replies(1): >>thewat+rd1
2. thewat+rd1[view] [source] 2023-04-06 12:28:55
>>0x457+(OP)
> You don't need "run as administrator" for that.

This is what makes it so doable since you don't need any privilege escalation.

The reason why this is a big deal for a lot of people is your ssh keys will give you access to your git repos and other servers unless you have them password protected or use gpg/sk ssh keys which I think a lot of people don't do.

And of course if you can see the known hosts file/bash_history you'll likely have access to more servers to propagate to.

Also things like your browser cache is stored there.

replies(1): >>0x457+B53
◧◩
3. 0x457+B53[view] [source] [discussion] 2023-04-06 21:20:52
>>thewat+rd1
Plenty of dangerous things stored in `~/`, they don't even need password for ssh-key if there is ssh-agent running (this is in case of dangerous process running, not just upload).

This is why I store keys on a hardware key that requires me to touch it when used and manually start ssh-agent when doing a lot of `git push`.

replies(1): >>thewat+EP5
◧◩◪
4. thewat+EP5[view] [source] [discussion] 2023-04-07 18:35:16
>>0x457+B53
Yeah gpg/sk ssh keys are definitely the way to go.
[go to top]