Hi!
At this point a user can execute su, and he will get a root shell. He can also execute any command in privileged mode. The idea of using sudo initially was giving the user iftop access. However the user ends up with total root access.
Indeed. [..] The second answer is that there's a compile-time option to disable this functionality (which I'd also forgotten about, but the change log claims it was introduced in 0.17).
I can't remember exactly how to use it, but something like:
export CFLAGS=-DNO_SYSTEM
then rebuilding may do what you want.
There is still another way (which I just learned myself): properly configure your sudoers.
sudo can (on supported platforms) prevent subshells (or any subcommands) from being run.
E.g. the following:
are ALL=NOEXEC: /usr/sbin/iftop
Allows the user "are" to execute iftop, but prevents him from executing a subshell. iftop will then display a "permission denied" error.
More details are in the sudo manpage under the topic "PREVENTING SHELL ESCAPES".
Best regards, Alexander, wondering if the Debian packages should disable this feature completely or just document and recommend the NOEXEC trick.
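The NOEXEC check described above, as an added example that is not part of the original thread: a small POSIX sh script that audits a sudoers fragment for command rules lacking the NOEXEC tag and shows the hardened form of each; the sudoers text, the user names and the function names are constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the thread. The sudoers text below is
# constructed for the demo and does not come from any real host.
SAMPLE_SUDOERS='# constructed sample
Defaults env_reset
Cmnd_Alias NET = /usr/sbin/iftop
are ALL=/usr/sbin/iftop
bob ALL=NOEXEC: /usr/sbin/iftop
carol ALL=(root) NOPASSWD: /usr/sbin/iftop'

# find_exec_allowed SUDOERS_TEXT
# Prints the user of every user specification that carries no NOEXEC tag,
# skipping comments, blank lines, Defaults and alias definitions.
find_exec_allowed() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/      { next }
        /^[[:space:]]*$/      { next }
        $1 == "Defaults"      { next }
        $1 ~ /_Alias$/        { next }
        /NOEXEC:/             { next }
        { print $1 }'
}

# harden_rule RULE
# Inserts "NOEXEC: " right after "host=" and the optional "(runas)" list,
# which is where sudoers expects tags; a rule that already carries NOEXEC
# is printed unchanged.
harden_rule() {
    case "$1" in
        *NOEXEC:*) printf '%s\n' "$1"; return 0 ;;
    esac
    printf '%s\n' "$1" |
        sed -E 's/^([^=]+=[[:space:]]*(\([^)]*\)[[:space:]]*)?)/\1NOEXEC: /'
}

# Report each offending rule next to its hardened form.
find_exec_allowed "$SAMPLE_SUDOERS" | while read -r user; do
    printf '%s\n' "$SAMPLE_SUDOERS" | grep "^$user " | while read -r rule; do
        echo "before: $rule"
        echo "after:  $(harden_rule "$rule")"
    done
done
```

Note that sudo's noexec works by preloading a library into the command, so it only restricts dynamically linked programs; run `sudo -l -U user` afterwards to confirm the NOEXEC tag shows up on the rule.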