by eviks 35 days ago
Why not make a proper link /sudo so you don't have to type out the full path every time, which is very inconvenient? (but the fact that such workarounds are needed still means it's a theater)
2 comments

A simple LD_PRELOAD command can cause your shell to run "rm -rf /" when you type "/sudo".

If your unprivileged user is compromised, you are pretty hosed.

There should be a way to make system env vars (profile.d or similar) readonly so every user's shell had these set to empty values and unable to change them.
Yes; I'm aware, but for some environments writing a custom shell as the one for SDF would be an easier task. Or maybe a really restricted "ash" called "rash" -because it is- with maybe autocomplete and that's it. Hardcoded $PATH and the like.
Anything that can be modified by an attacker cannot be used to secure the sudo command. This is a recursive requirement or hierarchy for secure systems.
You can set the permissions so that the attacker can't modify it?
You would need to prevent an attacker from installing shell aliases, or shell config files, or altering any binaries in PATH.

Like, sure you could, but you end up with a very useless system.

Easier to just use VMs for each security context.

Is any of this specific to a link vs the original full-pathed sudo?