[Iftop-users] Security Issue With iftop

[Paul Warren]

On 20 Jan 2010, at 15:21, Michael Shigorin wrote:

> PreScriptum: Paul, could you please accept changes done here?
> http://git.altlinux.org/people/ldv/packages/?p=iftop.git

I need to review what has been done there, as those patches appear to  
tackle a range of different issues.

I would encourage you to submit patches directly to the list in  
future, as you write them, as it's much easier to discuss and accept  
them as they are written.

> I think that a privileged program shouldn't execute arbitrary user
> specified programs unless explicitly configured to allow such insecure
> behaviour.

iftop is not, by design, a privileged program.  There is nothing in  
the documentation that endorses running it setuid root, or in a sudo  
wrapper.  As such, the ability to get to a shell is no different from  
the fact that vim allows you to run arbitrary programs.

That said, the fact that iftop requires root privileges in order to  
run in the vast majority of environments means that a shell escape  
that is on by default may come as a nasty surprise to admins who use  
sudo / setuid root to grant access to iftop to semi-trusted users, and  
I would certainly consider making this an off-by-default compile time  
option.

Paul