I found another issue. As long as ".bashrc" is placed under ~, the malicious process could remove the file and replace it with a malicious one. So to make the shell trustable, maybe ".bashrc" should be moved to someplace like "/etc/bashrc.d/xxx.bashrc".
~/.bashrc is a special file, whose reliability determines the reliability of the user shell. With a trustable shell, the user could try to rescue himself by killing the malicious process, cleaning up the malicious software, and so on, without the help of root. For a user in the sudoers, a...
I am curious about the more stealthy ways.
I don't know what the meaning of "the root user" is here. If you mean the root user with uid 0, then if that user is compromised, the whole system is not trustable and should be reinstalled, there is no way to rescue. I only want to protect the...
It seems that chattr requires root privilege, then the ordinary user is not able to modify their ~/.bashrc at all. But it's an interesting utility, I will learn about it later.
Otherwise, the scripts could be easily modified by malicious software, such as this one:
#!/bin/bash
echo -e 'echo -n "[sudo] password for $(whoami): "\nread -s pw\necho I got your password: $pw' > /tmp/hack.sh
echo 'alias sudo="bash /tmp/hack.sh"' >> ~/.bashrc
If the user executes the...
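A defensive check for the alias trick shown in the post above, as an added example that is not part of the original posts: it scans shell startup files for alias or function definitions that shadow commands which prompt for credentials. The command list and the names `scan_rc_file`, `scan_home` and `demo` are assumptions made for illustration, and the sample rc file is constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the original posts: flag alias/function definitions
# in shell startup files that shadow credential-handling commands.
# SENSITIVE is an assumed list; hits are heuristic and meant for review.
SENSITIVE='sudo|su|doas|ssh|passwd'
SEP='(^|[;&[:space:]])'
ALIAS_RE="${SEP}alias[[:space:]]+([^#]*[[:space:]])?(${SENSITIVE})="
FUNC_RE="${SEP}(function[[:space:]]+)?(${SENSITIVE})[[:space:]]*\\(\\)"
KWFUNC_RE="${SEP}function[[:space:]]+(${SENSITIVE})([[:space:]{]|\$)"

# Print "file:line:text" for each suspicious definition in one file.
# Returns 0 if something was found, 1 if clean, 2 if unreadable.
scan_rc_file() {
    local file=$1 hits line
    [ -r "$file" ] || return 2
    # Match definitions, then drop lines that are entirely comments.
    hits=$(grep -nE -e "$ALIAS_RE" -e "$FUNC_RE" -e "$KWFUNC_RE" -- "$file" |
           grep -vE '^[0-9]+:[[:space:]]*#') || true
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits" | while IFS= read -r line; do
        printf '%s:%s\n' "$file" "$line"
    done
}

# Scan the startup files bash reads in one home directory (default: $HOME).
scan_home() {
    local home=${1:-$HOME} f found=1
    for f in .bashrc .bash_profile .bash_login .profile .bash_aliases; do
        if scan_rc_file "$home/$f"; then found=0; fi
    done
    return "$found"
}

# Constructed sample: a benign rc file plus the alias line from the post.
demo() {
    local dir rc=0
    dir=$(mktemp -d) || return 2
    printf '%s\n' '# alias sudo=commented-out' "alias ll='ls -l'" \
        'export EDITOR=vi' 'alias sudo="bash /tmp/hack.sh"' > "$dir/.bashrc"
    scan_home "$dir" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

if [ "$#" -gt 0 ]; then
    for f in "$@"; do scan_rc_file "$f" || true; done
else
    demo || true
fi
```

A legitimate `alias sudo='sudo '` is also reported, so each hit needs a human look. Because the rc file itself can be replaced by a process running as the same user, run the check from a shell that does not source it, for example one started with `bash --norc --noprofile`.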