On Feb 14, 2005, at 8:31 PM, Andrew Errington wrote:
If it's a laptop, the most probable account compromise is someone actually getting physical access to the machine. At which point it's game over, they have the hard-drive, they have access to everything (except extremely-well encrypted data, I guess - and there will probably be none of that)sudo then if their user account is compromised then only a subset of commands are available.
So that's not a "real" risk :-) Theft is a real risk.
Does sudo leave the door wide open during the time-out period?
If my user account has been compromised, eg. by a trojan or some exploit, and I execute a sudo command, doesn't that leave a time-window during which the attacker could install itself with root privileges?
======================================================================= This email, including any attachments, is only for the intended addressee. It is subject to copyright, is confidential and may be the subject of legal or other privilege, none of which is waived or lost by reason of this transmission. If the receiver is not the intended addressee, please accept our apologies, notify us by return, delete all copies and perform no other act on the email. Unfortunately, we cannot warrant that the email has not been altered or corrupted during transmission. =======================================================================
