Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Please, elaborate. I can share my screen with coworkers and talk about all sorts of confidential things, and I can even give them full remote access to control everything if I wished. So why would pushing a some plain text code directly to their machine be so fundamentally different than all the other means of passing bits between our machines?




If you share screen you are in control of what you show, if you give someone SSH access, what would stop them from passing/running a small script to fetch everything you have or doing w/e with your computer? I mean it's a blatant security violation to me. Just no reason to do that.

In large corps you usually have policies to not leave your laptop unattended logged in, in the office, that would be potentially even worse than that.

reply


I wasn't aware that I could run a small script and fetch everything from every host with an ssh git repo. TIL.

reply


I mean…git hooks are just scripts. If you can fetch, you can pull (or push) a script that executes locally.

reply




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: