It’s not privilege escalation because it doesn’t subvert the correct authentication mechanism, it leverages it. This particular technique is called UI input capture. It’s a script that shows a password prompt then uses your password to do things as root. Nothing untowards would be detected. The main defense is to always run commands with full path – which nobody does.
Separating the process of reaching root in two steps does nothing to improve security, it actually increases complexity and subverts security. If the system is set up to SSH as root you either have a good key or you don’t. If you force people to SSH as individual users and then use a complex mechanism to reach root you create opportunity for a hundred more attack methods, and add a false sense of security.
Input capture btw is not the only method. Sudo has a lot of them. Another very common one is leveraging the password cache timeout.
You’ve already outed yourself
How about we skip the dick measuring contest and we stick to the discussion at hand.
It’s not privilege escalation because it doesn’t subvert the correct authentication mechanism, it leverages it. This particular technique is called UI input capture. It’s a script that shows a password prompt then uses your password to do things as root. Nothing untowards would be detected. The main defense is to always run commands with full path – which nobody does.
Separating the process of reaching root in two steps does nothing to improve security, it actually increases complexity and subverts security. If the system is set up to SSH as root you either have a good key or you don’t. If you force people to SSH as individual users and then use a complex mechanism to reach root you create opportunity for a hundred more attack methods, and add a false sense of security.
Input capture btw is not the only method. Sudo has a lot of them. Another very common one is leveraging the password cache timeout.
How about we skip the dick measuring contest and we stick to the discussion at hand.