lrvick an hour ago
This could for instance be injected into your .bashrc when you do an "npm install" of a package that has a deeply nested supply chain attack. Then the next time you run sudo, phase2 triggers installing a rootkit, etc.

Ferret7446 22 minutes ago
That is one of many reasons to keep your dotfiles under version control.

lpribis 11 minutes ago
How would that help? Unless you happen to check the dotfiles git diff before running _anything_. I guess this could be put in prompt or some cron job to detect diffs but I bet absolutely nobody does this.

arcfour 40 minutes ago
Or you could also hijack it using $PATH search order with your wrapper to get existing terminal sessions too, there's a lot of ways to skin that cat.

lrvick 28 minutes ago
Endless ways, which is why I do not understand why sudo is ever used anymore, especially in production. You do not need root to do anything in Linux these days anyway between Namespaces and Capabilities so there is really no reason for root to be accessible at all or have any processes running as root post boot.
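
Added example, not part of any comment in the thread: a POSIX shell audit for the two interception routes mentioned above, a `sudo` alias or function in a startup file and an earlier `sudo` on `$PATH`. The function names, the `--audit` flag and the list of startup files are assumptions of this example; run it as the unprivileged user, since root can write to every directory.

```shell
#!/bin/sh
# Added example: detect sudo interception via startup files or PATH order.

# Print "file:line:text" for every alias or function named sudo.
scan_rc_for_sudo_override() {
    for rc in "$@"; do
        [ -r "$rc" ] || continue
        # /dev/null as a second file makes grep always print the file name.
        grep -nE '^[[:space:]]*(alias[[:space:]]+sudo=|function[[:space:]]+sudo([^[:alnum:]_]|$)|sudo[[:space:]]*\(\))' "$rc" /dev/null || true
    done
}

# Print every executable named sudo on the PATH value in $1, in search order.
# WRITABLE-DIR marks a hit in a directory the current user can write to,
# so any process running as that user could have placed or replaced it.
list_sudo_candidates() (
    IFS=:
    set -f                      # no globbing while splitting the PATH value
    for dir in $1; do
        [ -n "$dir" ] || dir=.  # an empty PATH entry means the current dir
        { [ -f "$dir/sudo" ] && [ -x "$dir/sudo" ]; } || continue
        if [ -w "$dir" ]; then
            printf 'WRITABLE-DIR %s/sudo\n' "$dir"
        else
            printf 'ok %s/sudo\n' "$dir"
        fi
    done
)

# $1 = PATH value, remaining args = startup files. Returns 1 on any finding.
audit_sudo_interception() {
    audit_path=$1; shift
    audit_overrides=$(scan_rc_for_sudo_override "$@")
    audit_first=$(list_sudo_candidates "$audit_path" | head -n 1)
    audit_status=0
    if [ -n "$audit_overrides" ]; then
        printf 'sudo redefined in startup file:\n%s\n' "$audit_overrides"
        audit_status=1
    fi
    case $audit_first in
        WRITABLE-DIR*)
            printf 'first sudo on PATH is user-replaceable: %s\n' "${audit_first#WRITABLE-DIR }"
            audit_status=1 ;;
    esac
    return "$audit_status"
}

if [ "${1:-}" = "--audit" ]; then
    audit_sudo_interception "$PATH" "$HOME/.bashrc" "$HOME/.bash_profile" "$HOME/.profile" "$HOME/.zshrc"
fi
```

The PATH check only reports what a new lookup would resolve; a shell that has already hashed the location of `sudo` keeps using the cached path until `hash -r` or a new session.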