by bluesmoon
4860 days ago
When you run sudo, it might ask for a password. If you enter the right password, it sets a user timestamp saying "this was when you last entered your password", and for some (configured) amount of time after that, you can run sudo without requiring a password. sudo -k sets the timestamp to the epoch under the (misguided) assumption that the epoch will always be older than the configured time interval.

Some distributions allow any user to change the system time without requiring root privileges. These are typically user-friendly, single-user distributions, but many people run these same distributions on multi-user server boxes as well.

So, if an attacker gains access to a user account, and assuming that user does have the right to sudo to root, the attacker can run these three commands to gain a root shell.
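A simplified model of the timestamp check described in the comment above, added here as an example (it is not sudo's code and not part of the original comment). The 5-minute timeout, the function names and the clock values are assumptions made for illustration; it contrasts a check that trusts the wall clock with one that treats the epoch as an explicit "revoked" marker.

```python
# Simplified model of a timestamp-based credential cache.
# Not sudo's source code; names, timeout and clock values are assumptions.
EPOCH = 0
TIMEOUT = 5 * 60  # assumed grace period, in seconds


def invalidate():
    """Model of the reset described above: set the stamp to the epoch."""
    return EPOCH


def naive_is_valid(stamp, now, timeout=TIMEOUT):
    """Flawed check: only asks whether the stamp is recent relative to the
    wall clock, so it silently assumes 'now' is always far from the epoch."""
    return now - stamp < timeout


def hardened_is_valid(stamp, now, timeout=TIMEOUT):
    """Stricter check that does not depend on the clock being sane."""
    if stamp == EPOCH:
        return False  # epoch is a sentinel meaning "revoked", never a real time
    if stamp > now:
        return False  # stamp lies in the future: the clock was moved backwards
    return now - stamp < timeout


def scenarios():
    real_now = 1_360_000_000  # constructed wall-clock value
    rolled_back = 60          # constructed: clock reading one minute past the epoch
    stamp = invalidate()
    return {
        # Normal clock: the revoked stamp is correctly treated as expired.
        "naive_normal_clock": naive_is_valid(stamp, real_now),
        # Clock near the epoch: the revoked stamp looks fresh again.
        "naive_clock_rolled_back": naive_is_valid(stamp, rolled_back),
        # Sentinel check rejects the revoked stamp whatever the clock says.
        "hardened_clock_rolled_back": hardened_is_valid(stamp, rolled_back),
        # A genuine recent stamp is still honoured.
        "hardened_fresh_stamp": hardened_is_valid(real_now - 30, real_now),
        # A stamp newer than the clock is rejected.
        "hardened_future_stamp": hardened_is_valid(real_now + 30, real_now),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

The same reasoning is why restricting who may set the system clock matters on multi-user hosts: any check of the form `now - stamp < timeout` inherits the trust placed in `now`.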