• Em Adespoton
    58 hours ago

    Someone needs to come up with a variant of su that will let you log in to an elevated account for a fixed purpose or time… so you can kick off an elevated process chain but know that some other person or script can’t piggyback on your session to do other stuff.

    Sudo always felt like a system with that sort of potential but way too large an attack surface.

    • nomad
      26 hours ago

      That would not work. You might reduce the time frame for an attack but any second of elevated privileges is enough to backdoor the system and let somebody in.

    • @hitmyspot@aussie.zone
      -16 hours ago

      Windows allows you to open cmd as an administrator, so all you do in that tab is as an admin. I assume something similar could be done, but obviously could be used for escalation attacks.