liamg/traitor

Maybe add good old TTY privilege escalation?

tobwen opened this issue · 0 comments

What about adding the good old TTY privilege escalation? http://www.halfdog.net/Security/2012/TtyPushbackPrivilegeEscalation/

Most users aren't aware of it, since it was discussed a decade ago and most distributions have set it to WONTFIX. Without reconfiguring sudo, this will remain a problem on all major distributions.

Just try it from root:

# su -l tobwen
$ id
uid=1001(tobwen) gid=1001(tobwen) groups=1001(tobwen)
$ ls -l /proc/$$/fd
total 0
lrwx------ 1 tobwen tobwen 64 Mar  6 20:15 0 -> /dev/pts/0
lrwx------ 1 tobwen tobwen 64 Mar  6 20:15 1 -> /dev/pts/0
lrwx------ 1 tobwen tobwen 64 Mar  6 20:15 2 -> /dev/pts/0
lrwx------ 1 tobwen tobwen 64 Mar  6 20:15 255 -> /dev/pts/0

Whoops, you're doomed.
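
Added example, not part of the original issue or of traitor's code: a defender-side audit in Python for the condition the session above shows, a non-root process whose stdin is a terminal owned by a different user. The function names, the heuristic and the sample rows are assumptions constructed for illustration.

```python
import os

def flag_shared_ttys(procs):
    """procs: iterable of (pid, proc_uid, fd0_target, target_owner_uid).
    Returns entries where a non-root process holds a terminal owned by
    another user. This is a heuristic for review, not proof of abuse."""
    findings = []
    for pid, proc_uid, tty, tty_uid in procs:
        if not tty.startswith(("/dev/pts/", "/dev/tty")):
            continue  # fd 0 is a pipe, file or socket, not a terminal
        if proc_uid != 0 and proc_uid != tty_uid:
            findings.append((pid, proc_uid, tty, tty_uid))
    return findings

def collect_from_proc(proc_root="/proc"):
    """Gather (pid, uid, fd-0 target, owner of that target) for live processes."""
    rows = []
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue
        try:
            # Owner of /proc/<pid> is normally the process's effective uid.
            proc_uid = os.stat(os.path.join(proc_root, name)).st_uid
            tty = os.readlink(os.path.join(proc_root, name, "fd", "0"))
            tty_uid = os.stat(tty).st_uid
        except OSError:
            continue  # process exited, fd 0 is not a path, or no permission
        rows.append((int(name), proc_uid, tty, tty_uid))
    return rows

# Constructed sample mirroring the session above: root on /dev/pts/0 runs
# "su -l" to uid 1001, and the new shell keeps the same pty on fds 0-2.
SAMPLE = [
    (4100, 0, "/dev/pts/0", 0),        # root's own shell
    (4242, 1001, "/dev/pts/0", 0),     # shell started via su, shares root's pty
    (4300, 1001, "/dev/pts/1", 1001),  # same user logged in on its own pty
    (4400, 33, "pipe:[51234]", 33),    # daemon with a pipe on stdin
]

if __name__ == "__main__":
    for pid, uid, tty, owner in flag_shared_ttys(collect_from_proc()):
        print(f"pid {pid} (uid {uid}) holds {tty} owned by uid {owner}")
```

Run as root so that every process's fd directory is readable; unprivileged runs only see the caller's own processes.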