[eviks]

You can set the permissions so that the attacker can't modify it?

[lrvick]

You would need to prevent an attacker from installing shell aliases, or shell config files, or altering any binaries in PATH.

Like, sure you could, but you end up with a very useless system.

Easier to just use VMs for each security context.

[eviks]

Is any of this specific to a link vs tyre original full-pathed sudo?