As explained here (https://www.helpnetsecurity.com/2014/06/27/exploiting-wildcards-on-linux/), the tar
command can be used to execute arbitrary code.
Is there a list of Linux commands, preferably including commands in packages in the official distro repos, along with whether they are known to have any functionality which executes user-supplied code? Of course, such an analysis could not determine that a command is secure, just that there is not a well-published way to execute arbitrary code.
EDIT: The system has a quite a few commands whitelisted, and although there is a legitimate use for all of them (eg. kill
to kill a hung VPN connection) I think there might also be some illegitimate uses. I am not asking whether to apply the principle of least privilege, but if I am applying it effectively here. Rather than just asking about the specific commands on my system, I decided to ask a more general question.