Hacker News new | ask | show | jobs
by sinsudo 36 days ago
Anything that can be modified by an attacker can not be used to secure the sudo command. This is a recursive requirementor hierarchy for secure systems.
1 comments
eviks 36 days ago
You can set the permissions so that the attacker can't modify it?
link
lrvick 35 days ago
You would need to prevent an attacker from installing shell aliases, or shell config files, or altering any binaries in PATH.

Like, sure you could, but you end up with a very useless system.

Easier to just use VMs for each security context.

link
eviks 35 days ago
Is any of this specific to a link vs tyre original full-pathed sudo?
link