you don’t need to be root to read /etc/passwd
its like they say, trust is hard to earn, easy to lose. I still like CDPR but there’s no denying they burned a lot of trust with cyberpunk.
I mean yeah, the only reason people have to believe elder scrolls 6 is in development is that teaser from 2018, and honesty they probably only made that teaser to temper expectations.
However, the two Jumpsec Red Team members found that they could go around the restriction by changing the internal and external recipient ID in the POST request of a message, thus fooling the system into treating an external user as an internal one.
so they only do the check on client side. classic.
yup pretty sure
$ cat /etc/passwd fox:hunter2:1000:1000::/home/fox:/usr/bin/zsh
😉