Does Sudo require an admin password to use? My understanding is that this exploit works if the user is already logged in as Admin; thus the attacker doesn't need the password. And if Sudo was already run once before, it won't ask for a password(?) so again, no need for the attacker to know the password. That said, if you can do all that, can't Sudo do more than change the clock? Maybe Sudo should just always require an admin password to launch?
8/29/13 at 6:56am