Or you could also hijack it using $PATH search order with your wrapper to get existing terminal sessions too, there's a lot of ways to skin that cat.
reply
Endless ways, which is why I do not understand why sudo is ever used anymore, especially in production.

You do not need root to do anything in Linux these days anyway between Namespaces and Capabilities so there is really no reason for root to be accessible at all or have any processes running as root post boot.

reply
I don't mean to be snarky, can you run `pacman -Syu` without root with "new" tech? Or do you mean in general on production systems or whatever?
reply
Plenty of package managers can install to an arbitrary directory like ~/.local. Each user, or even each project, can have its own rootfs full of software.

The only things I tend to have running at the system level are a kernel and init and maybe openssh.

reply
That is one of many reasons to keep your dotfiles under version control.
reply
Someone that can wrap your sudo binary can wrap your git binary too. Once your OS is compromised, all bets are off.
reply
How would that help? Unless you happen to check the dotfiles git diff before running _anything_. I guess this could be put in prompt or some cron job to detect diffs but I bet absolutely nobody does this.
reply
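The `$PATH` search-order shadowing discussed in this thread can be checked mechanically from a prompt hook or cron job. The following is an added example, not code from any commenter; the function names and the trusted directory list are assumptions.

```shell
#!/bin/sh
# first_hit CMD PATHSTR: print the first executable named CMD that a shell
# would find when searching PATHSTR left to right.
first_hit() {
    cmd=$1 rest=$2:
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        rest=${rest#*:}
        [ -z "$dir" ] && dir=.    # an empty PATH entry means the current directory
        if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
            printf '%s\n' "$dir/$cmd"
            return 0
        fi
    done
    return 1
}

# check_shadow CMD PATHSTR TRUSTED: TRUSTED is a colon-separated list of
# directories the command is expected to come from (an assumption you set).
# Returns 0 if the first hit is in TRUSTED, 1 if an earlier PATH entry
# shadows it, 2 if CMD is not found at all.
check_shadow() {
    hit=$(first_hit "$1" "$2") || { echo "$1: not found in PATH"; return 2; }
    hit_dir=${hit%/*}
    case ":$3:" in
        *":$hit_dir:"*) echo "ok: $1 -> $hit"; return 0 ;;
    esac
    echo "SHADOWED: $1 resolves to $hit (outside $3)"
    [ -w "$hit_dir" ] && echo "  $hit_dir is writable by uid $(id -u)"
    return 1
}

# Check the live environment; the trusted list below is an assumption.
check_shadow sudo "$PATH" "/usr/bin:/bin:/usr/sbin:/sbin" || true
```

A check that runs inside the same account can itself be wrapped, so this is a tripwire for accidental or unsophisticated changes, not a guarantee.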