I’m assuming they just send you a zip file with an ‘existing codebase’ where somewhere in a hidden dependency a bit of code does something nefarious when you first run the project. You don’t even need root access to do something bad, your whole home directory is interesting enough as it is (emails, SSH keys, saved browser passwords, etc).
Not everyone is going to do a coding test in a separate account or in a VM.
I’m assuming they just send you a zip file with an ‘existing codebase’ where somewhere in a hidden dependency a bit of code does something nefarious when you first run the project. You don’t even need root access to do something bad, your whole home directory is interesting enough as it is (emails, SSH keys, saved browser passwords, etc).
Not everyone is going to do a coding test in a separate account or in a VM.