For Example
Is it safer to do:
$ sudo [cmd] [args]
[enter user password]
or
$ su - [enter root password] # [cmd] [args]
I always assumed they are the exact same thing, because sudo utilizes setuid-root, so the process that is run as sudo's first arg is run with the sudo's effective ID, which is root.
my question is: Does sudo ever eventually drops its effective ID to the normal user's? Then in that case, number 1 above would be a safer bet, because IF the program/service that sudo is running with is compromised by an attacker, then there is a chance that the attacker is not running as root, because the privilege has already been dropped (kind of like a race condition)? But compare to the number 2, then any program compromised while running as root is detrimental.