undefined | Better HN

0 pointszeusk8y ago0 comments

Well, the same is true of any osx pre high sierra. A malware can disguise as installer utility and it can make modifications to system or install kexts after user okays it (keychain saves the password).

Linux makes you type in the password manually every time for elevation but that will just make the average consumer remove or use unsafe passwords for their accounts.

0 comments

3 comments · 1 top-level

TylerE8y ago· 2 in thread

There are plenty of ways of NOT having to type the password on linux that are functionally equivalent to keychain (e.g. sudo in some configurations)

zeuskOP8y ago

Sure you can customize /etc/sudoers to your heart's content but that's not the point here. (btw, you can use group policy to enforce password at UAC prompt and limit users from system wide changes to Windows).

The point is about a secure & safe way for a common person to authorize an application that wants to make changes to the system and as the defaults stand, sudo prompting for password at every elevation attempt is worse off in my opinion.

shakna8y ago

Doesn't sudo have a default time setting? Only once every ten minutes per process does it elevate?

> The point is about a secure & safe way for a common person to authorize an application

I'm not sure that's even possible. The common person doesn't tend to fear putting their credit card info into a random online form.

j / k navigate · click thread line to collapse