On Mon, Jan 18, 2010 at 07:35:52PM +0300, Ali Jawad wrote:
As you all know, a non-root user cannot run iftop. So the most obvious workaround is to use sudo. Now if you give a regular user sudo access, he will execute:
sudo iftop
Once he is inside iftop, he can execute !; he will get the following prompt:
command >
At this point a user can execute su, and he will get a root shell. He can also execute any command in privileged mode. The idea of using sudo initially was giving the user iftop access. However the user ends up with total root access. Please comment.
I'd make availability of "!" depend on an explicit command-line switch -- IIRC comparing getuid()/geteuid() won't help much, and for a program intended to run with elevated privileges having means to start another program is something worth reconsidering.
2 ldv: what would you say?
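
Added example, not part of the original message and not iftop's own code: a sketch of the gating proposed above, where "!" is honoured only after an explicit opt-in. The switch name "--allow-shell", the struct and the function names are hypothetical. It also shows why a getuid()/geteuid() comparison alone does not catch the sudo case: sudo sets both ids to the target user.

```c
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical option state; "--allow-shell" is an assumed switch name. */
struct options { int allow_shell; };

/* Parse argv; the escape stays off unless the switch is given explicitly. */
static struct options parse_options(int argc, char **argv) {
    struct options o = { 0 };
    for (int i = 1; i < argc; i++)
        if (strcmp(argv[i], "--allow-shell") == 0)
            o.allow_shell = 1;
    return o;
}

/* Classic setuid test: true only when real and effective uid differ.
 * sudo sets both to the target user, so this is 0 under "sudo iftop". */
static int uid_mismatch(uid_t ruid, uid_t euid) {
    return ruid != euid;
}

enum key_action { ACT_IGNORE, ACT_SHELL_PROMPT, ACT_REFUSE_SHELL };

/* Key dispatcher: '!' opens the command prompt only with the opt-in, and
 * never when a uid mismatch shows the binary is running setuid. */
static enum key_action handle_key(int key, const struct options *o,
                                  uid_t ruid, uid_t euid) {
    if (key != '!')
        return ACT_IGNORE;
    if (!o->allow_shell || uid_mismatch(ruid, euid))
        return ACT_REFUSE_SHELL;
    return ACT_SHELL_PROMPT;
}

int main(int argc, char **argv) {
    struct options o = parse_options(argc, argv);
    /* Exit status 0 only if '!' would be honoured for this invocation. */
    return handle_key('!', &o, getuid(), geteuid()) == ACT_SHELL_PROMPT ? 0 : 1;
}
```

With this gate, an administrator who lists only the bare iftop command in sudoers (no arguments permitted) leaves the user no way to pass the opt-in switch.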