Quoting Michael Paoli (Michael.Paoli@cal.berkeley.edu):
> Sure, we can (also) go over that at today's BALUG meeting - presuming folk(s) are interested. I think I only made it about 1/3 or of the way through my security materials on that earlier - that was the meeting from about two months ago - 2017-05-15.
> I do also have "slides" from that ... I should get those up fairly soon too.
I made the point, over dinner conversation, that many Linux distributions[1] configure sudo in a way that IMO seriously weakens overall system security. Specifically, on such distributions, you are able to type
    sudo [action]
...and supply your _own_ password to run the requested command with elevated privilege. My point over dinner is that this results in a situation where an attacker who steals your regular user credentials gains free privilege-escalation to superuser abilities as well, without needing to overcome any additional security obstacle. This IMO greatly weakens the traditional Unix security model, where stealing root (etc.) is a deliberately separate, much more difficult problem from stealing grunt user credentials.
Personally, I am lastingly wary of sudo, and prefer to have scant reliance on it. However, for people who _do_ rely on it, there's something you can do that could help:
Step 1 of 2: Set a root password.
    sudo passwd   # pick a strong & different password, and don't lose it
Step 2 of 2: Alter sudo to require the _root_ password for privileged actions, and not just the user's own password.
    visudo
You are now editing /etc/sudoers using a special editing mode. Find the section with various lines starting with keyword 'Defaults'. At the end of that section, add a new line:
    Defaults rootpw
Save and exit the editor. You are done.
In very general terms, the main reason why I'm wary of sudo is that it's Rube Goldberg-ish: It introduces somewhat baroque complications to system security, and doing so is always a Very Bad Thing unless it has very strong compensating virtues that I seldom see in the case of sudo.
[1] Including one named for an African word meaning 'can't install Debian'.
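
A check for the two steps above, as an added example that is not part of the original post: it reports whether a global 'Defaults rootpw' is in effect and whether root has a usable password, because enabling rootpw while root's password is still locked or empty leaves sudo with nothing it can authenticate against. The function names and the sample files are constructed for illustration; on a real system, point audit at /etc/sudoers and /etc/shadow as root.

```shell
#!/bin/sh
# Added example, not from the original post. Reads copies of sudoers and
# shadow files; include directives in sudoers are not followed.

# Print "on" if the last global Defaults setting enables rootpw, else "off".
rootpw_effective() {
    awk '
        /^[ \t]*#/ { next }                        # comment line
        $1 == "Defaults" {                         # global scope only
            line = $0
            sub(/[ \t]#.*$/, "", line)             # trailing comment
            sub(/^[ \t]*Defaults[ \t]+/, "", line)
            n = split(line, opts, ",")
            for (i = 1; i <= n; i++) {
                o = opts[i]; gsub(/[ \t]/, "", o)
                if (o == "rootpw")  state = "on"
                if (o == "!rootpw") state = "off"  # later entries override
            }
        }
        END { print (state == "on" ? "on" : "off") }
    ' "$1"
}

# Print the state of the root entry in a shadow file: set, locked, empty, missing.
root_pw_state() {
    awk -F: '$1 == "root" {
        if ($2 == "") s = "empty"
        else if ($2 ~ /^[!*]/) s = "locked"
        else s = "set"
    }
    END { print (s == "" ? "missing" : s) }' "$1"
}

# audit SUDOERS SHADOW: ok, lockout (rootpw without a usable root password),
# or user-password (sudo still accepts the invoking user's own password).
audit() {
    case "$(rootpw_effective "$1")/$(root_pw_state "$2")" in
        on/set) echo ok ;;
        on/*)   echo lockout ;;
        *)      echo user-password ;;
    esac
}

# Constructed sample data: Step 2 done, Step 1 skipped (root still locked).
tmp=$(mktemp -d)
printf 'Defaults env_reset\nDefaults rootpw\n' > "$tmp/sudoers"
printf 'root:!:19000:0:99999:7:::\n' > "$tmp/shadow"
echo "rootpw=$(rootpw_effective "$tmp/sudoers") root=$(root_pw_state "$tmp/shadow") verdict=$(audit "$tmp/sudoers" "$tmp/shadow")"
rm -rf "$tmp"
```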