[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: As seen above: use of su vs sudo

On Tue, Aug 07, 2018 at 06:01:27PM +0000, Curt wrote:
I thought his point might be that in typing the full path at least you
know you're getting '/bin/su' and not some other 'su' that a malevolent
individual might have created in your home directory after prepending HOME
to your path, for example (in that malevolent person's effort to elevate
himself to superuser status).

Yes, it's just a completely useless thing to do for most plausible attack scenarios. Typing unnecessary characters to possibly protect yourself from one extremely specific (and frankly unlikely) attack seems more superstition than science; in a couple of decades of looking at compromised computers, I can't recall ever running across an attack in the wild that depended on someone typing "su" and not "/bin/su".

Mike Stone

Reply to: