| ▲ | sjpb 5 hours ago | |
> With the way linux is used these days, I'd guess the number of systems with untrusted local users is pretty limited Things like HPC clusters are multiuser & don't entirely trust their users. If they did we wouldn't need users/groups/permissions etc in the first place. | ||
| ▲ | cozzyd 3 hours ago | parent [-] | |
Yes. Not even just HPC clusters, shared login servers are pretty common in academia. I manage several in our lab. Sure, we mostly trust the users against malice more or less but not so much against incompetence. A malicious vscode plugin would run rampant in this space. And then there are users running claude-cli and friends who may just find it convenient to use a local root exploit to remove obstacles. | ||