Anything running in the user context can edit ~/.bashrc and set aliases. But with aliases you don't get root access.
sudo goes to great lengths to ensure that the password is directly passed from the console and not passed through a pipe. SUDO_ASKPASS can circumvent this security. So this badly needs fixing. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to sudo in Ubuntu. https://bugs.launchpad.net/bugs/2019496 Title: Security implications of SUDO_ASKPASS Status in sudo package in Ubuntu: New Bug description: All that is needed to subvert sudo is adding this line to ~/.bashrc alias sudo="SUDO_ASKPASS=/home/$USER/.config/git/doevil sudo -A" and a program that reads the password from the command line and makes use of it. Ignoring the SUDO_ASKPASS environment variable would be an option to stop this. Best regards Heinrich To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/2019496/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
