On 2022-05-22 at 14:53, Charles Kroeger wrote:

>> There is no silver bullet that makes your system secure.
>
> I get a login shell with $su --login
>
> I don't have sudo installed
>
> is there something heretical about that, I should know?
Not heretical, but - if something has compromised your user environment, it could have replaced the command 'su' with a function which captures the password you type, stores it for later use by malware (or even uploads it to a remote server), and then invokes su properly (with the same parameters you gave), so that you won't notice that this has happened.

The point / gist of this particular subthread seems to be that there is no effective way to prevent this from happening - or even to *detect* it with certainty, other than examining the hard drive while booted into a running environment which has not itself been compromised.

(The old story about hacking the source of gcc to detect when it's compiling /bin/login and insert a backdoor, and to detect when it's compiling gcc and insert code to make it do both of these detect-and-insert operations, comes to mind. That story as I learned it always ended with the note that the guy doesn't *think* he ever let a version of gcc which had been compiled to do these things out into the wild... but he isn't completely certain.)

-- 
The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man.         -- George Bernard Shaw
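An added example, not from the original thread or from any of its authors: the shape of the shadowing the reply describes (a shell function named su that wins over /bin/su), beside the quickest check a user can run from the same shell to see where "su" actually resolves. It assumes a Debian-style layout where the genuine binary lives in /bin or /usr/bin; the demo function only records that it was called and then hands off to the real binary, it does not capture anything.

```shell
#!/bin/sh
# Added example (not part of the original mailing-list post).
# Assumption: the real su is /bin/su or /usr/bin/su (Debian layout).

# Shape of the shadowing described in the reply: a function with the same
# name as the binary, dropped into a shell startup file, runs instead of
# /bin/su. This demo version only logs that it was invoked; the real thing
# would also grab the password before handing off. Defined here only so the
# check below has something to detect.
su() {
    printf 'su called with: %s\n' "$*" >>"${DEMO_LOG:-/tmp/su-demo.log}"
    command su "$@"   # hand off to the real binary so nothing looks odd
}

# cmd_origin NAME -> prints one of
#   "function"     NAME is a shell function (or builtin) in this shell
#   "alias ..."    NAME is an alias
#   "file PATH"    NAME resolves to an executable on disk
#   "missing"      nothing by that name
# POSIX `command -v` prints an absolute path for a file, the alias text for
# an alias, and the bare name for a function or builtin, so the output form
# tells you which one you are looking at.
cmd_origin() {
    r=$(command -v "$1" 2>/dev/null) || { echo missing; return 1; }
    case $r in
        /*)       echo "file $r" ;;
        alias\ *) echo "$r" ;;
        "$1")     echo function ;;
        *)        echo "other $r" ;;
    esac
}

# su_looks_genuine NAME -> succeeds only if NAME resolves to a file in one
# of the expected system bin directories (assumed: /bin or /usr/bin).
# A function, an alias, or a same-named script earlier in PATH all fail.
su_looks_genuine() {
    case $(cmd_origin "$1") in
        "file /bin/$1"|"file /usr/bin/$1") return 0 ;;
        *) return 1 ;;
    esac
}

# Usage from an interactive shell:
#   cmd_origin su
#   su_looks_genuine su && echo "su resolves to a system binary" \
#                       || echo "su is shadowed or relocated"
```

Note the caveat the reply is making: this check runs inside the very shell that may have been tampered with. A startup file that defines su can just as easily redefine command, unset or type to lie about it, and a replacement placed earlier in PATH passes the "is it a file" test while still being the wrong file. The check catches the careless case; the reply's point that only an inspection from a separate, uncompromised boot is conclusive still stands.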