[Iftop-users] Security Issue With iftop
Paul Warren
pdw at ex-parrot.com
Mon, 18 Jan 2010 18:24:43 +0000
Ali,
On 18 Jan 2010, at 16:35, Ali Jawad wrote:
> As you all know a non root user can not run iftop. So the most
> obvious workaround is to use sudo. Now if you give a regular user
> sudo access he will execute.
>
> sudo iftop
>
> Once he is inside iftop. He can execute ! he will get the following
> promtp
>
> command >
I have to say, I'd completely forgotten that that feature existed!
> At this point a user can execute su, and he will get a root shell.
> He can also execute any command in privileged mode. The idea of
> using sudo initially was giving the user iftop access. However the
> user ends up with total root access.
Indeed.
There are two answers to this. The first is that although this
provides the user with a very direct and simple way of getting a
shell, I would not warrant that there are not bugs in either iftop or
any of it's library dependencies that can be exploited to give
privilege escalation. This applies to just about any non-trivial
program that you may wish to make available via sudo.
The second answer is that there's a compile-time option to disable
this functionality (which I'd also forgotten about, but the change log
claims it was introduced in 0.17).
I can't remember exactly how to use it, but something like:
export CFLAGS=-DNO_SYSTEM
then rebuilding may do what you want.
Paul