|
|
|
|
|
|
by rlpb
587 days ago
|
|
|
That's not really relevant nowadays. Most attacks are done indiscriminately and en-masse, so an attacker wouldn't have to wait very long in practice. Only in "advanced persistent thread" territory is your point really relevant, but the attack I describe is much more widely applicable. Having to wait a while is therefore not in any way a mitigation. In practice then, one cannot assume any security from sudo requiring a password. https://en.wikipedia.org/wiki/Advanced_persistent_threat |
|
|