Reminding people that this is a viable threat model is why sudolph.in exists, albeit for the drive-by someone-left-their-laptop-unlocked case rather than regular local privilege escalation.

I should probably add a check for catching someone within the sudo timeout and give them a hard time if so.