alt Hacker NewsCould link it to a yubikey via pam.d so you need a fingerpress to authenticate.
Replies
lrvick • today at 8:40 AM
And then the moment you authenticate, the fake sudo still executes its payload.
Yubikeys do not fix this issue.
Could link it to a yubikey via pam.d so you need a fingerpress to authenticate.
And then the moment you authenticate, the fake sudo still executes its payload.
Yubikeys do not fix this issue.
Physical attestations are hard to solve, I think it would be nice if all TPMs in laptops had this. Then the problem becomes how do you automate stuff that needs to be done.