PreScriptum: Paul, could you please accept changes done here? http://git.altlinux.org/people/ldv/packages/?p=iftop.git
I'm attaching the full diff between 0.17 and ALT Linux package, as well as individual patch (which was since updated, see git).
--- On Wed, Jan 20, 2010 at 04:07:23PM +0200, Michael Shigorin wrote:
On Mon, Jan 18, 2010 at 07:35:52PM +0300, Ali Jawad wrote:
As you all know a non root user can not run iftop.
Unless iftop is installed suid-root.
So the most obvious workaround is to use sudo. Now if you give a regular user sudo access, he will execute:
sudo iftop
Once he is inside iftop, he can execute ! and he will get the following prompt:
command >
At this point a user can execute su, and he will get a root shell. He can also execute any command in privileged mode. The idea of using sudo initially was giving the user iftop access. However the user ends up with total root access. Please comment.
I'd make availability of "!" depend on explicit commandline switch -- IIRC comparing getuid()/geteuid() won't help much, and for a program intended to run with elevated privileges having means to start another program is something worth reconsidering.
2 ldv: what would you say?
I think that a privileged program shouldn't execute arbitrary user specified programs unless explicitly configured to allow such insecure behaviour.
A process can check at startup time whether it is executed:
- suid-root, by comparing results of getuid() and geteuid();
- by sudo, by checking SUDO_USER environment variable.
It is important to do the check at startup time, because process privileges could be lowered later.
-- ldv ---
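
The startup check described in the reply above, combined with the explicit switch suggested earlier in the thread, as an added example that is not code from this thread or from iftop. The function names and the `--allow-shell` switch are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Decision made once at startup; never recomputed after privileges change. */
static bool shell_escape_ok = false;

/* Pure policy: elevated if suid (real != effective uid) or started by sudo
 * (SUDO_USER set). An elevated process needs an explicit opt-in. */
bool escape_allowed(uid_t ruid, uid_t euid, const char *sudo_user, bool opt_in)
{
    bool suid = (ruid != euid);
    bool via_sudo = (sudo_user != NULL && sudo_user[0] != '\0');
    return (!suid && !via_sudo) || opt_in;
}

/* Call first thing in main(), before any setuid()/seteuid() or environment
 * cleanup: after a privilege drop ruid == euid and the suid test would pass. */
void capture_policy(uid_t ruid, uid_t euid, const char *sudo_user, bool opt_in)
{
    shell_escape_ok = escape_allowed(ruid, euid, sudo_user, opt_in);
}

/* Handler for the "!" key: refuse (-1) unless the startup policy allowed it. */
int handle_bang(const char *cmd)
{
    if (!shell_escape_ok)
        return -1;
    return system(cmd);
}

int main(int argc, char **argv)
{
    /* "--allow-shell" is a hypothetical switch name, not an iftop option. */
    bool opt_in = (argc > 1 && strcmp(argv[1], "--allow-shell") == 0);
    capture_policy(getuid(), geteuid(), getenv("SUDO_USER"), opt_in);
    printf("shell escape %s\n", shell_escape_ok ? "enabled" : "disabled");
    return 0;
}
```

For the switch to act as a control under sudo, the sudoers entry has to fix the permitted command line, since otherwise the user who invokes the program also chooses its arguments.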