[08:06] <user9d> # this allows an attacker to make a poor ordinary user 0% able to do things they love to do on their computer [through the terminal]:
[08:06] <user9d> printf '\n\n\nalias sudo=""\n\n\n' | tee -a /home/user9d/.bashrc
[09:47] <konstruktoid> but you still need sudo perms
[09:48] <konstruktoid> and if the attacker got user shell access, i assume there's missing patches as well
[14:11] <user9d> hmmm
[14:13] <user9d> konstruktoid:  by "missing patches" you mean the /etc/sshd.conf [?] ssh server configuration that allowed auto-login to the user shell?
[14:52] <tomreyn> user9d: i would assume that konstruktoid meant that an unauthorized user should not be able to get system access in the first place.
[14:54] <tomreyn> (and would have had to resort to hacking their way in through vulnerabilities in outdated software)
[14:57] <konstruktoid> Yeah, and if they get local access, it's because of lack of management (sshd config, weak passwords, ... ) and thus there's most likely unpatched local vulnerabilities (e.g. a kernel on an system that needs a reboot)
[14:58] <konstruktoid> But sure, free sudo is always nice.
[14:58] <konstruktoid> But that also requires NOPASSWD otherwise the user would probably notice it (hopefully)