And how a malware can use this if it's configured globally in a root:root owned config file?
Not all package managers require root.
But yeah, maybe through an exploit with a narrow reach. Once in, the malware can veto security updates and escalate to full control.
alt Hacker News
Not all package managers require root.
But yeah, maybe through an exploit with a narrow reach. Once in, the malware can veto security updates and escalate to full control.