Hacker News new | ask | show | jobs
by lrvick 34 days ago
You would need to prevent an attacker from installing shell aliases, or shell config files, or altering any binaries in PATH.

Like, sure you could, but you end up with a very useless system.

Easier to just use VMs for each security context.
1 comments
eviks 34 days ago
Is any of this specific to a link vs tyre original full-pathed sudo?
link