They could plant this malicious script in a publicly writable directory, like the /tmp directory, and name it ls. Now when the admin user executes the ls command, the /tmp directory, they will have executed this script instead of the actual /bin/ls binary:
Glasp is a social web highlighter that people can highlight and organize quotes and thoughts from the web, and access other like-minded people’s learning.