Permissions to logout/reboot (non pi user)

[jojopi]

Except the malicious script or application would not be able to run without you knowing it (you would have to enter your password at least once)

As a crude example, imagine you add to my shell configuration:

Code: Select all

sudo () { command sudo "[email protected]" && command sudo haxor; }

Unless by some miracle I notice this before the next time I use sudo, you will get root. It does not matter if I have sudo configured to ask for a password, because I will be expecting a password prompt here, and my command will appear to run fine. (You can make the attack work even if I have sudo configured to ask for a password every single time.)

If my sudo/pkexec configurations restrict me to very specific commands such as "reboot" then you may have to find your privilege escalation elsewhere. But if I am a general sysadmin on the box (by any method including su with root password) a compromise of my user account is basically fatal. The only safe thing to do then is reinstall.

[Peter Ryan]

I've been tied up for a few days so I'm a bit late, but a big thank you to everyone on this thread!