@seth-arnold I agree with you that there are other things to address as well.
In the art of hacking you most probably get into a system via some kind of service. You maybe have the privileges of a daemon. You then get an access to the first user account. You want to escalate privilege and you search to find weaknesses. As a system owner you want as many layers of protection as possible. It is a weakness that the PATH-variable can be set without given your password, since an attacker can set their evil command before the one you expect in the execution priority. The same comes to the ALIAS-command. As demonstrated, they can help compromise your system. So you are right there were more things to think about, but we all want a system as safe as possible. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1893241 Title: attack alias sudo with nasty payload To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1893241/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
