
I install software from credible sources. I do reuse configs from dotfiles off the Internet - just like most people do.

There are way more configs out there than there are software projects.



You already face the same threat then. Many, if not most, nontrivial programs have at least one way to escalate to arbitrary code execution from config. For example sway has exec, basically any useful editor has "on save actions", etc. No need for a Turing complete language when you can just shell out.
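Added example, not part of either comment above: a small audit to run over a sway config before reusing it, listing every directive that spawns a process (`exec`, `exec_always`, `swaynag_command`, and the bar's `status_command` and `swaybar_command`) and every `include`. The function names and the sample config are constructed for illustration.

```python
import re

# Directives that spawn a process: exec/exec_always/swaynag_command (sway(5)),
# status_command/swaybar_command (sway-bar(5)). Matched anywhere on the line,
# so "bindsym ... exec ..." and "a; exec b" chains are caught as well.
SPAWN = re.compile(
    r"(?<![\w-])(exec_always|exec|status_command|swaybar_command|swaynag_command)\s+(.+)")
INCLUDE = re.compile(r"^include\s+(.+)")  # pulls in further files to review

def logical_lines(text):
    """Yield (first_line_no, line): continuations joined, comments/blanks dropped."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        start = start or no
        if raw.rstrip().endswith("\\"):          # sway joins "\"-terminated lines
            buf += raw.rstrip()[:-1].strip() + " "
            continue
        line, buf = buf + raw.strip(), ""
        if line and not line.startswith("#"):
            yield start, line
        start = None

def audit(text):
    """Return (line_no, directive, argument) for each line needing manual review."""
    findings = []
    for no, line in logical_lines(text):
        m = INCLUDE.match(line) or SPAWN.search(line)
        if m:
            kind = "include" if m.re is INCLUDE else m.group(1)
            findings.append((no, kind, m.group(m.re.groups)))
    return findings

# Constructed sample config, not taken from any real dotfiles repository.
SAMPLE = r"""
set $mod Mod4
bindsym $mod+Return exec foot
exec_always sh -c \
    "~/bin/startup.sh --daemon"
include ~/.config/sway/conf.d/*
bar {
    status_command while date; do sleep 1; done
}
output * bg #000000 solid_color
"""

if __name__ == "__main__":
    for no, kind, arg in audit(SAMPLE):
        print(f"line {no}: {kind}: {arg}")
```

The match is deliberately loose, so it can over-report; it covers sway only, and an editor config would need its own list of hook directives.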



