Linked by Igor Ljubuncic on Mon 21st Jun 2010 09:35 UTC

Thread beginning with comment 431027
To view parent comment, click here.
To read all comments associated with this story, please click here.
To view parent comment, click here.
To read all comments associated with this story, please click here.
Member since:
2006-02-15
echo alias sudo='sudo do bad stuff >/dev/null 2>&1;sudo' >>~/.bashrc
I agree with pretty much everything else you said though. Malicious people that want in don't necessarily need in "right now", they wait patiently for it.
In order for that to work the malware app in question would either have to be root in order to put the fake sudo in a location mentioned in $PATH, or it would have to place it somewhere in the user's own home directory and modify $PATH.
The problem? Well, atleast some distros use the Tomoyo/SELinux framework to disable running applications from the user's own home directory if they have the same name as a common system application, and sudo often belongs in that list.
Some shell providers even completely disable the ability for one to run executable code from the home directories or /tmp and it might actually be a good idea for home-user oriented distros too; a common home user does not have the need to execute stuff from their home directory, they'll most likely just install what they need system-wide using the package manager. Executing stuff from your own home dir is more likely a power-user feature, including programmers et al, not Joe Sixpack.