SecGen
Sudo priv escalation involving sudo -l requires the user's password
Ideally add a rule to sudoers so that it doesn't, so that these priv escalation attacks work regardless of the method used to obtain access (the attacker doesn't always know the user's password). If not, make sure these modules aren't used in any scenarios where that's not the case.