[Iftop-users] Security Issue With iftop
Paul Warren
pdw at ex-parrot.com
Wed, 20 Jan 2010 16:59:38 +0000
On 20 Jan 2010, at 15:21, Michael Shigorin wrote:
> PreScriptum: Paul, could you please accept changes done here?
> http://git.altlinux.org/people/ldv/packages/?p=iftop.git
I need to review what has been done there, as those patches appear to
tackle a range of different issues.
I would encourage you to submit patches directly to the list in
future, as you write them, as it's much easier to discuss and accept
them as they are written.
> I think that a privileged program shouldn't execute arbitrary user
> specified programs unless explicitly configured to allow such insecure
> behaviour.
iftop is not, by design, a privileged program. There is nothing in
the documentation that endorses running it setuid root, or in a sudo
wrapper. As such, the ability to get to a shell is no different from
the fact that vim allows you to run arbitrary programs.
That said, the fact that iftop requires root privileges in order to
run in the vast majority of environments means that a shell escape
that is on by default may come as a nasty surprise to admins who use
sudo / setuid root to grant access to iftop to semi-trusted users, and
I would certainly consider making this an off-by-default compile time
option.
Paul