This could for instance be injected into your .bashrc when you do an "npm install" of a package that has a deeply nested supply chain attack.
Then the next time you run sudo, phase2 triggers installing a rootkit, etc.
That is one of many reasons to keep your dotfiles under version control.
Or you could also hijack it using $PATH search order with your wrapper to get existing terminal sessions too; there are a lot of ways to skin that cat.
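A defensive check for the two shadowing routes mentioned above (a definition in a shell rc file, and an earlier $PATH entry), as an added example that is not part of the original comment. The function names, the TRUSTED_DIRS list and the `--audit` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report anything that would run instead of the system sudo.
# TRUSTED_DIRS is an assumption; set it to where your distro installs sudo.
TRUSTED_DIRS="/usr/bin /bin /usr/sbin /sbin /usr/local/bin"

# Print every PATH entry outside TRUSTED_DIRS that holds an executable
# named sudo. Later entries are reported too, since a PATH reorder would
# activate them. The body runs in a subshell so IFS and noglob do not leak.
find_sudo_shadows() (
    IFS=:
    set -f
    for dir in $1; do
        [ -z "$dir" ] && dir=.      # an empty PATH entry means the current directory
        [ -f "$dir/sudo" ] && [ -x "$dir/sudo" ] || continue
        case " $TRUSTED_DIRS " in
            *" $dir "*) continue ;;
        esac
        printf '%s\n' "$dir/sudo"
    done
    exit 0
)

# Print file:line:text for every alias or shell function named sudo in the
# given rc files. Commented-out lines are ignored. Always returns 0; the
# findings are the output.
scan_rc_for_sudo() {
    pat='^[[:space:]]*(alias[[:space:]]+sudo=|(function[[:space:]]+)?sudo[[:space:]]*\(\)|function[[:space:]]+sudo([[:space:]]|$))'
    for f in "$@"; do
        [ -r "$f" ] || continue
        # /dev/null as a second operand forces grep to print the file name
        grep -nE "$pat" "$f" /dev/null || true
    done
    return 0
}

# Run against the live environment only when asked to.
if [ "${1:-}" = "--audit" ]; then
    find_sudo_shadows "$PATH"
    scan_rc_for_sudo "$HOME/.bashrc" "$HOME/.bash_profile" \
                     "$HOME/.profile" "$HOME/.zshrc"
fi
```

Any output from `--audit` is a finding to review. It does not cover definitions pulled in through files that the rc files source, which is where a diff against version-controlled dotfiles helps.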