by lttlrck 728 days ago
Maybe also make /usr/bin/sudo immutable? Would that help prevent a package manager from messing with it? I think so.
2 comments

The downside of this is that if you have your system set up to automatically install package updates, then it will start failing, which might kill all automatic updates.

On Debian, for example, I have unattended-upgrades set up to automatically install security updates. sudo is reasonably likely to have updates for security reasons.

How would you do that?
lsattr - for reading attributes
chattr - for setting them

You need the `i` attribute. But this is filesystem dependent. Anyway, protecting the `sudo` binary from package managers is a so-so idea.

man chattr
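
An added example, not part of the thread: a POSIX shell filter that reads `lsattr` output and lists the files carrying the `i` flag, so they can be found before an unattended upgrade fails on them. The sample output is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `lsattr -d` output (not captured from a real host).
# Field 1 is the flag string; the rest of the line is the path.
sample_lsattr() {
cat <<'EOF'
--------------e------- /usr/bin/passwd
----i---------e------- /usr/bin/sudo
-----a--------e------- /var/log/example.log
----i---------e------- /usr/local/bin/my tool
EOF
}

# Read lsattr-style lines on stdin and print each path whose flag field
# contains lowercase "i" (immutable). Uppercase "I" is a different flag.
immutable_paths() {
    while read -r flags path; do
        case "$flags" in
            *i*) printf '%s\n' "$path" ;;
        esac
    done
}

# Count the immutable entries in lsattr-style input.
immutable_count() {
    immutable_paths | wc -l | tr -d ' '
}

# Live check: assumes lsattr is installed and the filesystem supports the
# flag; errors from filesystems that do not are sent to stderr and dropped.
# Usage: audit_live /usr/bin/sudo /usr/bin/passwd
audit_live() {
    lsattr -d "$@" 2>/dev/null | immutable_paths
}

# Demo on the constructed sample.
sample_lsattr | immutable_paths
```

Setting and clearing the flag itself is `chattr +i FILE` and `chattr -i FILE`, both of which need root.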