Otherwise, the scripts could be easily modified by malicious software, such as this one:
Bash:
#!/bin/bash
echo -e 'echo -n "[sudo] password for $(whoami): "\nread -s pw\necho I got your password: $pw' > /tmp/hack.sh
echo 'alias sudo="bash /tmp/hack.sh"' >> ~/.bashrc
If the user executes the malicious software, then opens another bash shell and executes sudo, then enters the password, the password could be stolen:
Code:
$ sudo -s
[sudo] password for searchstar: I got your password: mypassword
By requiring the password of the user or root privilege to modify ~/.bashrc and other similar files, the new shell could be trusted even after executing malicious software.
Additionally, as long as ".bashrc" is placed under ~, the malicious process could remove the file and replace it with a malicious one. So to make the shell trustworthy, maybe ".bashrc" should be moved to someplace like "/etc/bashrc.d/xxx.bashrc".
To further prevent the executed software from entering a fake shell, and the user from entering the password in it without knowing that it is a fake shell, I think there should be a status bar displaying the path and pid of the current foreground process.
I don't think it's hard to implement. Then why do most Linux distributions and even macOS ignore this security issue? Is that for convenience? I'm looking forward to some discussion here. By the way, I'm not a native English speaker, so any correction of my expression will be appreciated.
Update: After some discussion, I guess the reason is indeed for convenience. Nevertheless, I will try to implement the ideas above in the (maybe far) future if I get some time, and open source it. At that time, if you want to run my script, please check the code first in case I'm a bad guy.
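A defender-side check for the alias trick shown in the post, as an added example that is not part of the original post: it scans shell startup files for alias or function definitions that shadow commands which prompt for a password. The function name `scan_rc`, the `WATCHED` command list and the default file list are assumptions made for this example.

```bash
#!/bin/bash
# Added example (not from the original post): report alias/function
# definitions in shell startup files that shadow password-prompting commands.

# Commands worth watching. This list is an assumption; extend it as needed.
WATCHED='sudo|su|doas|pkexec|ssh|passwd'

# scan_rc FILE...
# Prints "file:line:text" for every suspicious definition.
# Returns 0 if at least one finding was printed, 1 if there were none.
scan_rc() {
    _found=1
    # Three shapes are matched at the start of a line:
    #   alias [other=x ...] sudo=...   sudo() {   function sudo {
    _pat="^[[:space:]]*(alias[[:space:]]+([^#]*[[:space:]])?($WATCHED)="
    _pat="$_pat|(function[[:space:]]+)?($WATCHED)[[:space:]]*\(\)"
    _pat="$_pat|function[[:space:]]+($WATCHED)[[:space:]]*(\{|\$))"
    for _f in "$@"; do
        [ -r "$_f" ] || continue
        # The extra /dev/null operand makes grep always print the file name.
        if grep -nE "$_pat" "$_f" /dev/null; then
            _found=0
        fi
    done
    return $_found
}

# Stand-alone use: pass the files to check, e.g.
#   ./scan_rc.sh ~/.bashrc ~/.bash_profile ~/.bash_aliases ~/.profile
if [ "$#" -gt 0 ]; then
    scan_rc "$@" || echo "no shadowing definitions found"
fi
```

The check only covers definitions written at the start of a line in the files it is given; it does not follow `source` includes or detect a modified `PATH`, and it has to run from a context the untrusted software could not have altered.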