Theo de Raadt writes:
> "Stephane HUC \"PengouinBSD\"" <bsd@stephane-huc.net> wrote:
>
> > Hi, Tom. Ty for your reply.
> >
> > On my file /etc/doas.conf, i've only one line, as:
> >
> > "permit nopass setenv { ENV PS1 SSH_AUTH_SOCK } :wheel"
^^^^^^^^^^^^^
> So a javascript exploit in your browser can perform a rm -rf.
... everywhere.
Matthew
No comments:
Post a Comment