On Fri, May 20, 2022 at 08:41:43PM -0400, The Wanderer wrote:
> On 2022-05-20 at 20:28, David Wright wrote:
> > $ function /usr/bin/sudo { echo teehee; }
> > $ /usr/bin/sudo whatever
> > teehee
> > $
>
> A quick test demonstrates that this can be worked around via the 'unset'
> command:
Until you define a function named unset.
But the real point here is that you should only use sudo or su (or doas
or any other program that reads your password) from a trusted environment.
What you definitely should NOT do is get called by a coworker, go over to
their workstation, hear the description of a problem, and try to fix it
from their computer, where they may have overridden su/sudo/etc.
Go back to your own desk first, and fix it from there.
