Sudo Bash - Still not secure!

I was thinking (brace yourselves): how about the possibility to modify the name of su/sudo/bash/sulogin binaries (system-wide) to a personalized version upon install? I mean everywhere, even the kernel.
This would make any configuration almost hacker proof given they also get encrypted with a passphrase. Also, with hardlinks to them and with the binaries stored in a dedicated external drive, this would even be better than a token.
One has the power to rename binaries at will, but this requires a rename each and every time the binaries are needed “to not break things”, say, before/after a reboot.
Any thoughts? This is just a general discussion, though I’d like to get your view on it.
Have fun people!


So you mean I can be called whatever you like? :slight_smile:


I like the idea.

How about a list of different aliases, optionally for one-time use?

When none are left, you've got regular sudo available again and can create a new list.


I’ve “discovered” how dirty wtsapi32.dll on Windows can be, and what I said and what you propose can have a real effect only if those binaries are not kept in RAM. If that’s the case, then it’s awesome.
wtsapi32.dll is responsible for everything that’s remote access on Windows and it’s a crucial library, so much so that you can’t log in without it because SENS fails; when logged in, if it is removed/altered, most programs relying on remote access fail. I’ve discovered that Chrome and Firefox are among them, which was a daunting discovery when you suddenly find out how different browser engines do not explicitly require it to work (though Firefox can be modified to work without it). Even explorer can brag about it at times. I had to keep track of its address to remove it physically from the RAM each and every time. I’m saying this only to prove how vulnerable such systems can be.
A malevolent actor can always manage to forge a sudo to deploy in a multitude of ways, but being a foreign library, if we could also have some hash checks to avoid any “sudoers” other than those we prepared from ever having super-user controls when the malware tries any privileged action, that would be astonishingly secure even for a machine that’s constantly connected or one that already has malware embedded in any firmware as it would get locked out.
I don’t know if such an option is out there already, but if it isn’t, it makes me wonder why nobody thought of it before, unless somebody left this out on purpose… :stuck_out_tongue:
I mean, it’s not like I’m a genius or something, is it? :crazy_face:
Anyway, often such conversations get flagged as the ramblings of an overzealous, paranoid individual, but people also forget how vital it is to keep infrastructures safe, along with the intellectual property they can carry. So, please, if there’s anybody that’s just barely thinking about bringing this argument, please, think twice. :face_with_monocle:

P.s.: I want to stress that this is only a general discussion on the matter, I’m not expecting anybody to implement this (though, in all honesty, I’d like the idea) as anyone can code the above features for their own safety, should they ever wish to.

Nope dear Nth sudo, you’re going to get locked out entirely this time. :sunglasses:

See, people? Here’s another wannabe. :partying_face:
This is SERIOUS. I’m going back to Workbench on the A1200… :joy:


I mean, something “like this”. :nerd_face:

Last mod…The best part of it all…
All binaries are now recognized as such and nothing works unless the external drive is inserted.
Winner? :thinking:
I just miss the hash check against foreign “sudoers” with wrong signatures and, basically, that’s it. :cold_face:

P.s.: I’ve discovered that Firefox doesn’t start unless those binaries are there… Just like on Windows. “I wonder” what types of “privileges” it should ever need to run… Mmmm…
No “problem” though:
- Insert drive.
- Load Firefox/new window (or any other program for that matter).
- Remove drive.
It definitely means that it keeps them in RAM for each process it runs…
Even in a sandbox, that’s a serious vulnerability imho, but I do recognize this is “by design” even on Linux.

EDIT: sorry, I’m a moron, it brags about SH, of course. My fault.


@37TS

You can rename the sudo binary to your liking, and rename some alerting binary to sudo.

Why just disallow using sudo when you can receive an SMS when anyone uses it?

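The alerting stand-in suggested above, combined with the hash check against forged “sudoers” raised earlier in the thread, can be sketched as a small wrapper. This is an added example, not code from any poster; the path of the renamed real binary and the pinned SHA-256 value are placeholders to be replaced with your own measured values.

```shell
#!/bin/sh
# Added example: a stand-in placed where "sudo" used to be. It records every
# invocation, then refuses to run the real (renamed) binary unless its on-disk
# SHA-256 still matches a value pinned at install time.
# REAL_SUDO and PINNED_SHA256 are assumptions/placeholders, not real values.
REAL_SUDO="${REAL_SUDO:-/usr/local/libexec/sudo.real}"
PINNED_SHA256="${PINNED_SHA256:-REPLACE_WITH_MEASURED_SHA256}"

sha256_of() {
    # Print the hex SHA-256 of a file, with coreutils or BSD tooling.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

verify_binary() {
    # verify_binary FILE EXPECTED_HEX -> exit 0 if FILE matches, 1 otherwise.
    [ -f "$1" ] || return 1
    actual=$(sha256_of "$1") || return 1
    [ "$actual" = "$2" ]
}

alert() {
    # Record who invoked the wrapper and with which arguments. Goes to syslog
    # (auth facility) when logger is available, otherwise to stderr.
    msg="sudo wrapper: uid=$(id -u) ppid=$PPID args: $*"
    logger -p auth.warning -t sudo-wrapper "$msg" 2>/dev/null \
        || printf '%s\n' "$msg" >&2
}

guarded_exec() {
    # Alert first, so a tampered binary is still logged; exec only on a match.
    # Note: an attacker who can rewrite this wrapper can also rewrite the pin,
    # so the pin belongs on read-only or removable media, as the thread suggests.
    alert "$@"
    if ! verify_binary "$REAL_SUDO" "$PINNED_SHA256"; then
        alert "INTEGRITY FAILURE for $REAL_SUDO, refusing to execute"
        return 1
    fi
    exec "$REAL_SUDO" "$@"
}

# Act as the wrapper only when invoked under the name "sudo".
case "$0" in
    */sudo|sudo) guarded_exec "$@" ;;
esac
```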

Let me be serious here. I amend for the funny post that wasn’t funny at all. :stuck_out_tongue:

Why should I ever want to receive an SMS, considering that SMS is the equivalent of HTTP (it’s totally unencrypted)? Also, I’m using a 4G modem with phone capabilities directly on the computer. In this scenario, it doesn’t help too much. But if somebody should ever reach for “super user powers”, it’s too late already, whether you get alerted or not, as it means that you’ve been breached, and that’s not good.