Comment 5 for bug 65541

Martin Pitt (pitti) wrote : Re: [Bug 65541] Re: Introduction to sudo on first use.

Thomas Hood [2009-04-12 17:14 -0000]:
> Something that should be explained to people using sudo for the first
> time is that sudo makes the terminal in which it is run vulnerable to
> malware after sudo has been used to run any command. (After the user
> does, e.g., "sudo tail /var/log/syslog", any other command the user runs
> in the same terminal can itself use sudo to elevate its privileges,
> until the timeout expires.) Users should perhaps be advised to run
> third party scripts only in freshly launched terminals.

That wouldn't help really. First, your own user account has _much_
more interesting personal data than root's, and second, once you have
a local user account which can (and does from time to time), you have lost
already, since that malware can always install aliases, fake gksu's,
and other tricks to lure you into giving away your password.
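
A defender-side check for the tricks named in this comment, as an added example that is not part of the original comment or of sudo: it lists alias or function definitions of sudo, su, gksu and gksudo in shell startup files, and user-writable PATH directories searched up to the first one holding sudo. The function names, the watched command list and the startup files scanned are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): review aid for shadowed
# privilege-escalation commands in one user account.

# Commands whose replacement could present a fake password prompt (assumed list).
W='(sudo|su|gksu|gksudo)'
# Matches "alias sudo=...", "function sudo {", "function sudo()" and "sudo() {".
PATTERN='^[[:space:]]*(alias[[:space:]]+'"$W"'=|function[[:space:]]+'"$W"'([[:space:](]|$)|'"$W"'[[:space:]]*\(\))'

# scan_rc FILE...: print "file:line:text" for each definition of a watched command.
# A hit is something to review, not proof of compromise: alias sudo='sudo '
# is a common benign idiom.
scan_rc() {
    for f in "$@"; do
        if [ -f "$f" ]; then
            # /dev/null forces grep to prefix the file name; "|| true"
            # keeps a no-match result from aborting under "set -e".
            grep -nE "$PATTERN" "$f" /dev/null || true
        fi
    done
    return 0
}

# shadow_dirs PATHSTRING: print every directory writable by the current user
# that is searched up to and including the first one holding an executable
# sudo. A file dropped in such a directory can run in place of the real binary.
shadow_dirs() (
    IFS=:      # split on ':' (the subshell body keeps IFS and -f local)
    set -f     # no glob expansion of PATH entries
    for d in $1; do
        if [ -z "$d" ]; then d=.; fi          # empty entry means current directory
        if [ -d "$d" ] && [ -w "$d" ]; then
            printf '%s\n' "$d"
        fi
        if [ -f "$d/sudo" ] && [ -x "$d/sudo" ]; then
            break                              # later entries cannot shadow sudo
        fi
    done
    exit 0
)

# Stand-alone use: audit the invoking user's own startup files and PATH.
scan_rc "$HOME/.bashrc" "$HOME/.bash_aliases" "$HOME/.profile" "$HOME/.zshrc"
shadow_dirs "$PATH"
```
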