[nazcan]

To clarify, when does this run? Like you download malware A, run malware A and this function definition changes sudo for it, or sudo for other cases?

[lrvick]

This could for instance be injected into your .bashrc when you do an "npm install" of a package that has a deeply nested supply chain attack.

Then the next time you run sudo, phase2 triggers installing a rootkit, etc.

[arcfour]

Or you could also hijack it using $PATH search order with your wrapper to get existing terminal sessions too, there's a lot of ways to skin that cat.

[lrvick]

Endless ways, which is why I do not understand why sudo is ever used anymore, especially in production.

You do not need root to do anything in Linux these days anyway between Namespaces and Capabilities so there is really no reason for root to be accessible at all or have any processes running as root post boot.

[GCUMstlyHarmls]

I dont mean to be snarky, can you run `pacman -Syu` without root with "new" tech? Or do you mean in general on production systems or whatever?

[lrvick]

Plenty of package managers can install to an arbitrary directory like ~/.local. Each user, or even each project, can have its own rootfs full of software.

The only things I tend to have running at the system level are a kernel and init and maybe openssh.

[Ferret7446]

That is one of many reasons to keep your dotfiles under version control.

[lrvick]

Someone that can wrap your sudo binary can wrap you git binary too. Once your OS is compromised all bets are off.

[lpribis]

How would that help? Unless you happen to check the dotfiles git diff before running _anything_. I guess this could be put in prompt or some cron job to detect diffs but I bet absolutely nobody does this.