What is (theoretically, or practically) being achieved by running sudo instead of just logging in as root? Can you give an example that justifies typing your password up to hundreds of times per day coupled with deliberate hashing delays?
If a network intrusion detector warns about something being changed, you can review the logins to see that it happened right as an authorized person accessed the box. A common practice is to not allow direct root ssh access.
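The attribution this comment describes, as an added example that is not part of the thread: a small parser over constructed /var/log/auth.log lines (sudo's default syslog format plus sshd "Accepted" lines) that, given the time a file-change alert fired, returns the sudo commands run in the preceding window and the ssh login each one came from. The host name, users, addresses and paths in the sample are made up.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of /var/log/auth.log lines (not real logs): one ssh login,
# then two sudo commands by alice, then an unrelated sudo command by bob.
SAMPLE_LOG = """\
Mar 10 14:01:50 web1 sshd[4121]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2: ED25519 SHA256:abc
Mar 10 14:02:11 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/vim /etc/ssh/sshd_config
Mar 10 14:02:11 web1 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by alice(uid=1000)
Mar 10 14:03:40 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl reload ssh
Mar 10 15:30:02 web1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/apt-get update
"""

SYSLOG_TS = r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2})"
# sudo's default syslog line: "<user> : TTY=... ; PWD=... ; USER=<runas> ; COMMAND=<cmd>"
SUDO_RE = re.compile(SYSLOG_TS + r" \S+ sudo:\s+(?P<user>\S+) : .*?USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.*)$")
SSHD_RE = re.compile(SYSLOG_TS + r" \S+ sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+)")


def parse_ts(ts, year):
    """Syslog timestamps carry no year, so the caller supplies it."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def parse_events(log_text, year):
    """Turn sudo and sshd lines into event dicts; other lines are ignored."""
    events = []
    for line in log_text.splitlines():
        m = SUDO_RE.match(line)
        if m:
            events.append({"time": parse_ts(m["ts"], year), "kind": "sudo", "user": m["user"],
                           "runas": m["runas"], "cmd": m["cmd"].strip()})
            continue
        m = SSHD_RE.match(line)
        if m:
            events.append({"time": parse_ts(m["ts"], year), "kind": "login", "user": m["user"],
                           "src": m["src"], "method": m["method"]})
    return events


def find_actor(log_text, alert_ts, year, window_minutes=5):
    """Given the time an IDS/FIM alert fired (syslog-style "Mar 10 14:05:00"),
    return every sudo command run in the preceding window, each tied to the
    most recent ssh login of the same user. With a shared root login there
    would be no per-person sudo line to match here, only the sshd line."""
    events = parse_events(log_text, year)
    alert = parse_ts(alert_ts, year)
    window = timedelta(minutes=window_minutes)
    hits = []
    for ev in events:
        if ev["kind"] != "sudo" or not (alert - window <= ev["time"] <= alert):
            continue
        logins = [e for e in events
                  if e["kind"] == "login" and e["user"] == ev["user"] and e["time"] <= ev["time"]]
        last = max(logins, key=lambda e: e["time"]) if logins else None
        hits.append({"user": ev["user"], "runas": ev["runas"], "cmd": ev["cmd"],
                     "login_from": last["src"] if last else None,
                     "at": ev["time"].isoformat()})
    return hits


if __name__ == "__main__":
    # An alert that /etc/ssh/sshd_config changed at 14:05 resolves to alice's two commands.
    for h in find_actor(SAMPLE_LOG, "Mar 10 14:05:00", 2024):
        print(h)
```

The year has to be supplied because classic syslog lines omit it; on hosts that log in RFC 3339 format (or via journald) the timestamp regex and parse_ts would change, but the correlation logic stays the same.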
They say Windows has a more advanced security system, but what does that actually mean in practice? Okay, in it everything is an object, so you can just set permissions on objects. Okay, the OS just has to check if you have permission to an object before you access that object.
What if there are just a billion objects and you can't tell which ones need which permission, as an administrator? I couldn't tell if this example actually exists from the article, as it only talks abstractly about the subject. But Windows security stuff just sounds like a typical convoluted system that never worked. This is probably one of the few places where UN*X is better off; not that it's any good, since it doesn't support any use case other than separating the web server process from the DNS server process, but it's very simple.
What if the objects do not describe the items I need to protect in sufficient detail? How many privilege escalation / lateral movement vulns were there in Windows vs any UN*X?
Which circumvents the bad reputation of certain exit nodes:
> Due to the behavior of some individuals using the Tor network (spammers, distributors of malware, attackers), the IP addresses of Tor exit nodes may earn a bad reputation, elevating their Cloudflare threat score.
Given that the most common use of sudo is to give yourself root to run a command, and malware looking to elevate root can just rig up ~/.bashrc, what use is this patch? What use cases does it apply to and how common are they?
Sudo has much more fine-grained abilities for more surgical use-cases, like giving users the ability to only execute certain commands as a certain user, with detailed logging and auditing. It has a pretty involved config file (the PDF documentation for it is 80 pages long), a plugin system, a separate log format and log server, etc.
I also believe those use-cases aren't that common anymore since multi-user systems fell out of favor. There is an argument that most of us could use a vastly simpler tool instead to reduce the attack surface. But that tool wouldn't be sudo, because sudo is built around supporting all these use cases.
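The "only certain commands as a certain user, with logging" case from the comment above, as an added example sudoers fragment that is not from the thread or from the sudo project; the user, service, paths and log directory are hypothetical:

```sudoers
# Added example, not from the thread. Lets one user restart one service as
# root and read one log as the service account, with session I/O recorded.
Cmnd_Alias APP_CTL  = /usr/bin/systemctl restart myapp.service, \
                      /usr/bin/systemctl status myapp.service
Cmnd_Alias APP_LOGS = /usr/bin/tail -n 200 /var/log/myapp/app.log

# user  host = (run-as user) commands
deploy  ALL  = (root)     APP_CTL
deploy  ALL  = (www-data) NOPASSWD: APP_LOGS

# Record the full terminal session for this user's sudo commands.
Defaults:deploy log_output
Defaults        iolog_dir=/var/log/sudo-io/%{user}

# Do not do this: an editor can spawn a shell, so it is unrestricted root.
# deploy ALL = (root) /usr/bin/vim /etc/myapp/config
```

Install it with `visudo -f /etc/sudoers.d/deploy` so a syntax error cannot lock you out, and check what the user actually gets with `sudo -l -U deploy` (run as root). The commands are spelled out with their arguments on purpose: a wildcard in the argument list matches across spaces, so `tail -n * /var/log/myapp/app.log` would also allow `tail -n 10 /etc/shadow /var/log/myapp/app.log`. Anything that needs to edit a file should go through `sudoedit` rather than an editor binary.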
The 'exploit' runs under the sysadmin's user. It gets there when the sysadmin inadvertently installs something malicious under their own user, or when something they're running is exploited, for example.
A little known secret is that you can actually search not only backward (ctrl+r), but also forward (ctrl+s). The problem is ctrl+s is bound by default to (obscure terminal thing) that stops your terminal from outputting anything. This can be disabled with stty stop ^-, and then ctrl+s will work as intended.