logoalt Hacker News

FooBarWidgettoday at 8:16 AM2 repliesview on HN

It would be great if

1. shells support the notion of privileged commands, that can't be overridden with PATH manipulations, aliases or functions.

2. Sudo (or PAM actually) can authenticate with your identity provider (like Entra ID) instead of a local password. Then there is nothing to sniff and you can also use 2FA or passkeys.

Replies

lrvicktoday at 10:12 AM

Neither would actually help in this case though. Malware could manipulate both of those as an unprivileged user to run malicious code the next time you elevate privileges.

Remember that malware can replace or modify your shell

show 1 reply
ctippetttoday at 8:55 AM

Fish shell has builtin[1], although sudo is not one of the commands it covers.

[1] https://fishshell.com/docs/current/cmds/builtin.html