5

Are sudo and gksudo safe?

view full story
linux-howto

http://unix.stackexchange.com – I noticed after running a sudo command in terminal or running a administrative application that uses gksudo, it won't ask again for the password for a time (something like 5 minutes). Now let's assume one of the programs (not running as root) I'm using has a zero day exploit (like the web browser or its plugins). And an attacker manages to run arbitrary code on my behalf. Is it possible for an attacker to do sudo or gksudo without the password prompt before the password expires and take over my system? (HowTos)