Re: As seen above: use of su vs sudo

[Greg Wooledge <wooledg@eeg.ccf.org>]

On Tue, Aug 07, 2018 at 06:29:58PM +0200, Nicolas George wrote:
> David Wright (2018-08-07):
> > This does make me wonder why nobody here seems to have pointed out
> > that su should be spelled "/bin/su -". My fingers have been wired
> > that way for 20 years.
> 
> As I said, there are more subtle ways, and the full path will not
> protect you from them.

wooledg:~$ function /bin/su { echo haha; }
wooledg:~$ /bin/su root
haha

Just one of many ways a malicious user can compromise the interactive
environment.  An even better one is to run a key logger, to capture the
root password when you type it in their X session.