whichsudo will check $PATH directories and return the first match, true. however when you type sudo and hit enter your shell will look for aliases and shell functions before searching $PATH.
to see how your shell will execute ‘sudo’, say typesudo (zsh/bash). to skip aliases/functions/builtins say commandsudo
meh nvm none of these work if your shell is compromised. you’re sending bytes to the attacker at that point. they can make you believe anything
Also double check that sudo is the right command, by doing
which sudo. Something I just learned to be paranoid of in this thread.Unless
whichis also compromised, my god…which sudowill check$PATHdirectories and return the first match, true. however when you typesudoand hit enter your shell will look for aliases and shell functions before searching$PATH.to see how your shell will execute ‘sudo’, say
type sudo(zsh/bash). to skip aliases/functions/builtins saycommand sudomeh nvm none of these work if your shell is compromised. you’re sending bytes to the attacker at that point. they can make you believe anything
Maybe if you escaped the command like
\\type sudo?You assume the shell isn’t compromised.