3·
10 days agowhich sudo will check $PATH directories and return the first match, true. however when you type sudo and hit enter your shell will look for aliases and shell functions before searching $PATH.
to see how your shell will execute ‘sudo’, say type sudo (zsh/bash). to skip aliases/functions/builtins say command sudo
no, if the attacker can change files in your account, they can read every byte you type in and respond with anything, including pretending to be a normal shell. im not sure how to prevent ssh from running commands in your shell