On Wed, 1 Nov 2000, Damon Muller wrote: > Without actually knowing your password, which sudo requires, having > your account *isn't* equivalent to having root.
It's certainly possible to build a "rootkit" style setup which would be suitable for converting a privileged account into root. What if I write aliases for 'ls' and other common file utilities to conceal my existence, and install a trojan 'passwd' or 'sudo' program (or something along those lines) which (in addition to passing all your arguments to the real program) also logs and secretly reports your keystrokes? Counting on someone with access to your account to not eventually get hold of your password, is almost like counting on a chroot() jail to contain someone with root access. It's a nuisance and can slow down an attacker (or stop an inept one) but really doesn't provide much additional security against a quality attacker.
