On Saturday, 8 October 2022 at 19:57:35 UTC, kdevel wrote:
>What about
~/.ssh/authorized_keys?
or
~/.profile
~/.bashrc
Now assume someone coaxes you to compile his code under your account. See the problem which does not exist if the compiler could only read those files?
"Except... the program could also just write those files when you run it. What's stopping people now?"
"Yeah, messing with people's home folder isn't hard."
"I guess it's just that most people aren't criminals?"
"Oh right, I always forget."
"An underappreciated component of our computer security system."