On 20 Jan 2010, at 15:21, Michael Shigorin wrote:
> PreScriptum: Paul, could you please accept changes done here? http://git.altlinux.org/people/ldv/packages/?p=iftop.git
I need to review what has been done there, as those patches appear to tackle a range of different issues.
I would encourage you to submit patches directly to the list in future, as you write them, as it's much easier to discuss and accept them as they are written.
> I think that a privileged program shouldn't execute arbitrary user specified programs unless explicitly configured to allow such insecure behaviour.
iftop is not, by design, a privileged program. There is nothing in the documentation that endorses running it setuid root, or in a sudo wrapper. As such, the ability to get to a shell is no different from the fact that vim allows you to run arbitrary programs.
That said, the fact that iftop requires root privileges in order to run in the vast majority of environments means that a shell escape that is on by default may come as a nasty surprise to admins who use sudo / setuid root to grant access to iftop to semi-trusted users, and I would certainly consider making this an off-by-default compile-time option.
Paul
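
The off-by-default gate discussed in the message above, as an added example that is not iftop's code and not part of the original thread. The macro `ENABLE_SHELL_ESCAPE`, the enum and both functions are hypothetical names; the runtime checks (setuid/setgid mismatch, `SUDO_UID` set by sudo) are an assumption about what a maintainer might layer on top of the build flag.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical build flag: the shell escape is compiled out unless the
 * builder explicitly passes -DENABLE_SHELL_ESCAPE=1. */
#ifndef ENABLE_SHELL_ESCAPE
#define ENABLE_SHELL_ESCAPE 0
#endif

enum escape_decision {
    ESCAPE_OK,         /* caller already holds the privileges it runs with */
    ESCAPE_NOT_BUILT,  /* feature disabled at compile time (the default) */
    ESCAPE_SETID,      /* real and effective ids differ: setuid/setgid binary */
    ESCAPE_SUDO        /* started through sudo by another user */
};

/* Pure policy function so the decision can be tested without being root. */
enum escape_decision escape_policy(int built_in,
                                   uid_t ruid, uid_t euid,
                                   gid_t rgid, gid_t egid,
                                   const char *sudo_uid)
{
    if (!built_in)
        return ESCAPE_NOT_BUILT;
    if (ruid != euid || rgid != egid)
        return ESCAPE_SETID;
    /* sudo exports SUDO_UID to the command it runs; treat its presence
     * as "privilege was delegated", a heuristic rather than a guarantee. */
    if (sudo_uid != NULL && sudo_uid[0] != '\0')
        return ESCAPE_SUDO;
    return ESCAPE_OK;
}

/* Evaluate the policy for the running process. */
enum escape_decision escape_check(void)
{
    return escape_policy(ENABLE_SHELL_ESCAPE, getuid(), geteuid(),
                         getgid(), getegid(), getenv("SUDO_UID"));
}

int main(void)
{
    static const char *why[] = { "allowed", "not compiled in",
                                 "setuid/setgid execution", "invoked via sudo" };
    printf("shell escape: %s\n", why[escape_check()]);
    return 0;
}
```

A plain root login (matching ids, no `SUDO_UID`) is still allowed when the feature is built in, which matches the vim comparison in the message: the user gains nothing they did not already have.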