On Mon, Jan 18, 2010 at 07:35:52PM +0300, Ali Jawad wrote:
Once he is inside iftop. He can execute ! he will get the following promtp command > At this point a user can execute su, and he will get a root shell. He can also execute any command in privileged mode.
OTOH I didn't exactly manage to execute anything with Dmitry Levin's iftop-0.16-alt-droproot.patch (commit 04f8d2cb0e0e07bd834f49dcb4d49bf07e060d04 in http://git.altlinux.org/people/ldv/packages/?p=iftop.git) and pseudouser having his shell and home set to /dev/null:
$ sudo iftop -BP -i eth0 interface: eth0 IP address is: ... MAC address is: ... ls /: exited with code 127 echo test: exited with code 127 Press any key....
See also ChangeLog as of 0.17: * Addition of "NO_SYSTEM" compiler flag to prevent subshell execution
Seems like nice default, er?
In the mean time, I'm pushing ALT Linux package built with CFLAGS="-DNO_SYSTEM" just in case, thanks for spotting.