When we run a command with sudo, the password is asked for:
[sudo] password for user
If sudo is not typed, the password should not be asked for. If it is asked for, I would assume it is fraud by the application.
How about graphical applications which ask us for a password through a GUI? If asked for a password, how can we differentiate between the original Linux password dialogue and a dialogue generated by the application to look like the Linux one?
Best Answer
When I worry about this, I run
sudo -k; sudo date && sudo -n wooden-horse-command
Then I'll be prompted for the password exactly once (by sudo date), and the sudo ticket should be fresh for the following command.
Not that this gains much in terms of security, you understand. A malicious program that installs a keylogger will be more effective at grabbing your password, even if it isn't run as root.