sudo timeout: security risk?

[tgm4883]

So does this mean after issuing a sudo command in a terminal then accidentally visiting a hacked website that exploits a code execution vulnerability in Firefox *can not* execute a system("sudo rm -rf /") to wipe out my system?

One timeout per terminal?

It can, but not for the reason you specified. It would need to run it in the same terminal you run sudo in. Basically, if you got code running as your user, it just has to wait until you run something else with sudo, then it has full access to your machine. I've posted basic bash scripts that would do that in another thread. The key though is that a FF vulnerability would need to be exploited or the code would need some other way to run on your system first.

[Shining Arcanine]

Well, as another thread so proudly states, "Physical Access is Root Access" so...

That is not the case if you are running a remote ssh session. You do not automatically get root access by getting access to a terminal.

[tgm4883]

That is not the case if you are running a remote ssh session. You do not automatically get root access by getting access to a terminal.

A remote ssh session isn't physical access now is it.