Not really.There are dozens of other ways to escalate to a privileged shell anyway. You should always be wary of what you install on your system.
Passworded sudo does not protect against this. At best it gives users a moment to think about what they’re doing and guards their system from brief moments of being unattended.
And passwordless sudo is only granted for the OSMC user, so for example, one cannot escalate this way.
Getting the balance right can be tricky but I think we have it right.
We could probably move back to a passworded sudo mechanism by changing the watchdog script for Kodi. We can set CAPS via systemd and rework the script, but this is low on the list. Kodi doesn’t really need sudo rights. This is where it’s used:
But then you need to think about how we allow changes to hostname, changes to timezone and other system settings. This is added by OSMC, and it’s not easy to make these system changes without temporarily elevating permissions.
I’ll accept a PR to change the behaviour, if you’re willing to work on it.
It’s not as interesting as you think. Just a standard sandboxing mechanism. The attack surface is very low currently, after the changes it should be non-existent.