with the recent windows news, I wanna switch to Linux. I tried mint a few years ago and was annoyed and frustrated with multiple things, like having to input the password all the time and the general ammunt of constant trouble shooting and needing a tutorial for the most basic things.

I want a distro that:

  1. Is very user friendly, ideally not requiring a terminal
  2. Is hard to accidentally fuck up
  3. ideally doesn’t require a password for every input

I basically just use my laptop to browse the web, draw in krita and use ms office apps (have been getting used to open office lately)

What do y’all suggest?

  • Quibblekrust@thelemmy.clubEnglish
    2·
    24 hours ago

    that’s the part that can keep malicious stuff out because it doesn’t have permission.

    All a malicious script has to do is alias sudo in your .bashrc, and you’re fucked. The script can do that without privileges. It takes surprisingly little to go from “I’m only running this script without privileges” to getting totally owned immediately after.

    • BCsven@lemmy.ca
      1·
      23 hours ago

      I guess that depends on distro, because sudo on OpenSUSE requires root password, so a script isn’t doing anything unless you enter the password

      • Quibblekrust@thelemmy.clubEnglish
        2·
        11 hours ago

        Yes, every distro requires a password for sudo. That’s the whole point of it. But editing .bashrc does not require sudo. You can add aliases and functions to .bashrc. A malicious script can append to .bashrc, and by doing so, it can alias sudo to be whatever command it wants. For instance, a malicious function. So the next time you run sudo it runs the malicious command, instead, which itself can act just like sudo and prompt you for your password. So now you just entered your password into a malicious function. Do you see the problem with this?

        • BCsven@lemmy.ca
          1·
          3 hours ago

          Then lock bash rc as read-only and root permission only, or disable aliasing altogether I guess

      • Björn@swg-empire.de
        3·
        17 hours ago

        The script would place its own version of sudo in your $PATH and wait for you to enter the password. Then it has it and can do what it likes with the information.

        Then it’d just tell you “wrong password” and forward you to the real sudo so that you can keep on working like nothing happened.

        Edit: Or even better, pass your own commands to take over the whole system to the real sudo.