Ok, so the malware runs a keylogger / clipboard logger, gets the password and runs sudo on it's own. Or replaces your shell by putting exec ~/hackedbash into your bashrc
Password on sudo is only useful if you detect the infection before you run sudo
Ok, so the malware runs a keylogger / clipboard logger, gets the password and runs sudo on it's own. Or replaces your shell by putting exec ~/hackedbash into your bashrc
Password on sudo is only useful if you detect the infection before you run sudo
Could link it to a yubikey via pam.d so you need a fingerpress to authenticate.
Physical attestations are hard to solve, I think it would be nice if all TPMs in laptops had this. Then the problem becomes how do you automate stuff that needs to be done.
And then the moment you authenticate, the fake sudo still executes its payload.
Yubikeys do not fix this issue.