Re: As seen above: use of su vs sudo
On Tue, Aug 07, 2018 at 06:29:58PM +0200, Nicolas George wrote:
> David Wright (2018-08-07):
> > This does make me wonder why nobody here seems to have pointed out
> > that su should be spelled "/bin/su -". My fingers have been wired
> > that way for 20 years.
>
> As I said, there are more subtle ways, and the full path will not
> protect you from them.
wooledg:~$ function /bin/su { echo haha; }
wooledg:~$ /bin/su root
haha
Just one of many ways a malicious user can compromise the interactive
environment. An even better one is to run a key logger, to capture the
root password when you type it in their X session.
Reply to: