That’s a class of attacks that sudo doesn’t even pretend to address. I’m not championing sudo, but consider it as one piece of a “Defense in depth” approach.
I reread, can see that now. I think the commentor was speaking to a conversation that had shifted. I’ll leave my comment but also vote them up - theirs was a fair point.
cgroups let you limit a user's usage of system resources. Like disk quotas, you need to configure this yourself if this is a threat model you care about, but it comes out-of-the-box with all modern distros.
