Re: As seen above: use of su vs sudo
On Tue, Aug 07, 2018 at 06:01:27PM +0000, Curt wrote:
I thought his point might be that in typing the full path at least you
know you're getting '/bin/su' and not some other 'su' that a malevolent
individual might have created in your home directory after prepending HOME
to your path, for example (in that malevolent person's effort to elevate
himself to superuser status).
Yes, it's just a completely useless thing to do for most plausible
attack scenarios. Typing unnecessary characters to possibly protect
yourself from one extremely specific (and frankly unlikely) attack seems
more superstition than science; in a couple of decades of looking at
compromised computers, I can't recall ever running across an attack in
the wild that depended on someone typing "su" and not "/bin/su".