alt Hacker NewsWhy not make a proper link /sudo so you don't have to type out the full path every time, which is very inconvenient? (but the fact that such workarounds are needed still means it's a theater)
Replies
sinsudo • today at 8:34 AM
Anything that can be modified by an attacker can not be used to secure the sudo command. This is a recursive requirementor hierarchy for secure systems.
➕ show 1 reply
A simple LD_PRELOAD command can cause your shell to run "rm -rf /" when you type "/sudo".
If your unprivileged user is compromised, you are pretty hosed.