[cedws]

>and malware looking to elevate root can just rig up ~/.bashrc, what use is this patch?

Apologies for self promotion, but I wrote a relevant blog post that discusses this[0]. Is there any way of mitigating this trivial attack?

I feel like the Unix/Linux security model is broken.

[0]: https://cedwards.xyz/sudo-is-broken/

[KerrAvon]

I’m not following your logic. How does the malicious-but-unprivileged user have write access to anywhere in the sysadmin’s PATH?

[cedws]

The 'exploit' runs under the sysadmin's user. It gets there when the sysadmin inadvertently installs something malicious under their own user, or something they're running is exploited for example.