[Iftop-users] Security Issue With iftop

Michael Shigorin shigorin at gmail.com
Wed, 20 Jan 2010 17:04:27 +0200


On Mon, Jan 18, 2010 at 07:35:52PM +0300, Ali Jawad wrote:
> Once he is inside iftop. He can execute ! he will get the
> following promtp
> command >
> At this point a user can execute su, and he will get a root
> shell. He can also execute any command in privileged mode.

OTOH I didn't exactly manage to execute anything
with Dmitry Levin's iftop-0.16-alt-droproot.patch
(commit 04f8d2cb0e0e07bd834f49dcb4d49bf07e060d04 in
http://git.altlinux.org/people/ldv/packages/?p=iftop.git)
and pseudouser having his shell and home set to /dev/null:

$ sudo iftop -BP -i eth0
interface: eth0
IP address is: ...
MAC address is: ...
ls /: exited with code 127
echo test: exited with code 127
Press any key....

See also ChangeLog as of 0.17:
* Addition of "NO_SYSTEM" compiler flag to prevent subshell execution

Seems like nice default, er?

In the mean time, I'm pushing ALT Linux package built with 
CFLAGS="-DNO_SYSTEM" just in case, thanks for spotting.

-- 
 ---- WBR, Michael Shigorin <mike@altlinux.ru>
  ------ Linux.Kiev http://www.linux.kiev.ua/