CVE-2021-3156, heap overflow in sudo. Roughly 10 years long in sudo. Allowed privilege escalation. It was huge.
- 0 Posts
- 24 Comments
ShortN0te@lemmy.ml to
Linux@lemmy.ml•Why disable ssh login with root on a server if I only log in with keys, not password?
44·8 months ago
There are many ways to harden against it, but “just disable root auth” is not really it, since it in itself does not add much.
ShortN0te@lemmy.ml to
Linux@lemmy.ml•Why disable ssh login with root on a server if I only log in with keys, not password?
45·8 months ago
No, you can alias that command and hijack the password prompt via bashrc, and then you have the root password as soon as the user enters it.
ShortN0te@lemmy.ml to
Linux@lemmy.ml•Why disable ssh login with root on a server if I only log in with keys, not password?
46·8 months ago
With aliases in the bashrc you can hijack any command and execute arbitrary commands instead of it. So the command can be extracted; as already stated above, this is not a weakness of sudo but a general one.
ShortN0te@lemmy.ml to
Linux@lemmy.ml•Why disable ssh login with root on a server if I only log in with keys, not password?
36·8 months ago
And how would you not be able to hijack the password when you have control over the user session?
ShortN0te@lemmy.ml to
Linux@lemmy.ml•Why disable ssh login with root on a server if I only log in with keys, not password?
45·8 months ago
And what do you suggest to use otherwise to maintain a server? I am not aware of a solution that would help here. As an attacker you could easily alias any command or even start a modified shell that logs every keystroke and simulates the default bash/zsh or whatever.
ShortN0te@lemmy.ml to
Linux@lemmy.ml•Why disable ssh login with root on a server if I only log in with keys, not password?
148·8 months ago
The scenario OC stated is that if the attacker has access to the user on the server, then the attacker would still need the sudo password in order to get root privileges, contrary to direct root login, where the attacker has direct access to root privileges.
So, now I am looking into this scenario where the attacker is on the server with the user privileges: the attacker now modifies, for example, the bashrc to alias sudo to extract the password once the user runs sudo.
So the sudo password does not have any meaningful protection, other than maybe adding a time variable, which is when the user accesses the server and runs sudo.
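A defender-side check for the scenario described in the comment above, as an added example that is not part of the original thread: it scans a shell startup file for alias or function definitions that shadow credential-handling commands. The watch list, the function names `scan_rc` and `make_sample`, and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: list startup-file lines that define an alias or shell
# function named after a credential-handling command.

# Assumed watch list; extend it for your environment.
WATCHED='sudo|su|doas|ssh|passwd'

# scan_rc FILE: print "LINENO:TEXT" for every non-comment line that matches.
scan_rc() {
    [ -r "$1" ] || return 0
    grep -nE \
        -e "(^|[;&[:space:]])alias[[:space:]]+([^;#]*[[:space:]])?(${WATCHED})=" \
        -e "(^|[;&[:space:]])function[[:space:]]+(${WATCHED})([[:space:]({]|\$)" \
        -e "(^|[;&[:space:]])(${WATCHED})[[:space:]]*\(\)" \
        "$1" | grep -vE '^[0-9]+:[[:space:]]*#' || true
}

# make_sample FILE: write a constructed ~/.bashrc-style file for the demo.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real system
alias ll='ls -l'
# alias sudo='disabled entry'
alias sudo='/opt/example/wrapper'
function ssh { /opt/example/wrapper "$@"; }
su() { command su "$@"; }
export PATH="$HOME/bin:$PATH"
EOF
}

# Demo: scan the constructed sample, then the current user's own files.
sample=$(mktemp)
make_sample "$sample"
scan_rc "$sample"
rm -f "$sample"
for rc in "$HOME/.bashrc" "$HOME/.bash_profile" "$HOME/.profile" "$HOME/.zshrc"; do
    if [ -r "$rc" ]; then
        echo "== $rc"
        scan_rc "$rc"
    fi
done
```

Matches are a review list, not a verdict: the common `alias sudo='sudo '` idiom is reported too.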
ShortN0te@lemmy.ml to
Linux@lemmy.ml•Why disable ssh login with root on a server if I only log in with keys, not password?
109·8 months ago
The attacker that is currently with user privileges on the server?
ShortN0te@lemmy.ml to
Linux@lemmy.ml•Why disable ssh login with root on a server if I only log in with keys, not password?
55·8 months ago
Most comments here suggest 3 things:
- Least privilege: Which is OK, but on a server any modification you do requires root anyway, there is usually very little benefit
- Additional protection through required sudo password: This is, for example, easily circumvented by modifying the bashrc or similar with a sudo alias to get the password
- Multiuser & audit trails: Yes, this is a valid point, on a system that is modified or administered by multiple ppl there are various reasons like access logging and UAC for that
An actual person from the pen testing world: https://youtu.be/fKuqYQdqRIs
ShortN0te@lemmy.ml to
Linux@lemmy.ml•Why disable ssh login with root on a server if I only log in with keys, not password?
618·8 months ago
The sudo password can be easily extracted by modifying the bashrc.
ShortN0te@lemmy.ml to
Linux@lemmy.ml•Why disable ssh login with root on a server if I only log in with keys, not password?
622·8 months ago
Nope, not really. The only reason ppl recommend it is because “you have then to guess the username too”. Which is just not relevant if you use a strong authentication method like keys or only strong passwords.
Either you are heavily misinformed about how difficult arch is, or you lack any confidence in your ‘Linux skill’.
Choose the system you want to achieve, follow the wiki and choose the software you want to use using it and you are good to go, it really is not that hard. You can always use archinstall.
Tbf, winget is a godsend and works surprisingly well, took them what? 30 years to get it done?!
Just today I logged into a Workstation at work, just to see 2 versions of Teams being auto launched. And no, no one installed 2 Versions, it was Windows.
Yep. The difference is simply put just ppl are used to the quirks on Windows but not on Linux.
ShortN0te@lemmy.ml to
Linux@lemmy.ml•Linux Mint - NOT "Usable Out of the Box" - Probably switching back to Windows
1·9 months ago
If I decide to put up with this type of attitude
You're the one insulting me.
ShortN0te@lemmy.ml to
Linux@lemmy.ml•Linux Mint - NOT "Usable Out of the Box" - Probably switching back to Windows
1·9 months ago
Would you say pointing the finger at the Linux devs and maintainers, saying they should work harder, does improve anything and drives ppl to volunteer?
ShortN0te@lemmy.ml to
Linux@lemmy.ml•Linux Mint - NOT "Usable Out of the Box" - Probably switching back to Windows
2·9 months ago
Maybe you should take a read on Wikipedia on what gatekeeping is before you insult me. https://en.m.wikipedia.org/wiki/Gatekeeping_(communication)
ShortN0te@lemmy.ml to
Linux@lemmy.ml•Linux Mint - NOT "Usable Out of the Box" - Probably switching back to Windows
1·9 months ago
OC stated those things ‘should be worked on’. What else is it than blaming ppl?
Yes things could be better, but saying things should be better while sitting on their ass and doing nothing is just not correct to say. If you say it should be better then you should take part in it getting better.
Yes. There are enough signed and exploitable Windows boot loaders which you can use to boot anything you want.