that’s the part that can keep malicious stuff out because it doesn’t have permission.
All a malicious script has to do is alias sudo in your .bashrc, and you’re fucked. The script can do that without privileges. It takes surprisingly little to go from “I’m only running this script without privileges” to getting totally owned immediately after.
Why would a person choose to use fewer words to relay a thought when using more words is clearly better?
I propose instead, OP change their comment to say:
him, her, them, hir, zir, em, xem, xim, per, ve, ey, faer, aer, or thon
Good luck! I hope it works out for you.
Oh, that’s weird. I just suggested the same thing up above with a bunch of extra explanation. I’ve done this exact thing twice. In that comment I talk about changing some registry settings, but like I said in the comment, I didn’t think that actually helped. So I dunno. This was with Windows 10 both times, and both USB devices boot on a laptop.
You don’t need to do anything special. Take an NVMe or SSD and put it internally in some PC—ideally the same computer you want to use it on, for driver reasons—then install Windows on it. (Windows won’t let you install to a USB device, so you have to put the drive internally in the PC.) Then take it back out, put it in an external enclosure, plug it into USB and it boots right up. (Well, as long as you know how to choose a boot device at startup or make USB a higher priority than your internal drive.)
I just did that on my laptop by taking out the Windows NVMe, putting in a new one for Linux, and then sticking the Windows NVMe in an enclosure.
Obviously, this can’t work on a thumb drive, but it’s not terribly inconvenient to carry around an enclosure and a cable.
(An LLM told me I should change some registry settings to make loading the USB drivers occur earlier during boot, but that doesn’t make much sense. How could it boot enough to load the Registry in order to know to load the USB drivers earlier? It’s already booting. But if you try this and have any troubles, I can probably figure out what Registry settings I changed. I’ve also done this with an M.2 SSD from one PC and booted it from a USB enclosure on a different PC, and I definitely made no registry changes then.)
Welcome to the club! I installed Open Sousa Tumbleweed this summer.
(It’s similar to OpenSUSE, but has a marching band theme by default. This is totally a real thing, and it wasn’t just a speech to text failure.)
Yes, every distro requires a password for sudo. That’s the whole point of it. But editing .bashrc does not require sudo. You can add aliases and functions to .bashrc. A malicious script can append to .bashrc, and by doing so, it can alias sudo to be whatever command it wants. For instance, a malicious function. So the next time you run sudo it runs the malicious command, instead, which itself can act just like sudo and prompt you for your password. So now you just entered your password into a malicious function. Do you see the problem with this?