• stown@lemmy.world
    link
    fedilink
    English
    arrow-up
    34
    ·
    11 months ago

    I’ll answer because I found the information. It appears that the attacker would need to rely on physical access to the machine OR another exploit that lets them access the computer remotely.

    • d3Xt3r@lemmy.nz
      link
      fedilink
      English
      arrow-up
      6
      ·
      edit-2
      11 months ago

      Or they could just get you to execute the command without your knowledge (eg: all the people who just blindly copy-paste commands, or pipe scripts from the net into sudo). Or it could be a compromised github account/repo (supply-chain attack). Or even the ol’ techsupport scam where they get gullible users to install stuff…