Thomas Hood [2009-04-12 17:14 -0000]: > Something that should be explained to people using sudo for the first > time is that sudo makes the terminal in which it is run vulnerable to > malware after sudo has been used to run any command. (After the user > does, e.g., "sudo tail /var/log/syslog", any other command the user runs > in the same terminal can itself use sudo to elevate its privileges, > until the timeout expires.) Users should perhaps be advised to run > third party scripts only in freshly launched terminals.
That wouldn't help really. First, your own user account has _much_ more interesting personal data than root's, and second, once you have a local user account which can (and does from time to time), you lost already, since that malware can always install aliases, fake gksu's, and other tricks to lure you into giving away your password. -- Introduction to sudo on first use. https://bugs.launchpad.net/bugs/65541 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
