I am trying to grasp some basic principles of security in Linux (I used CentOS 8.0 and Kali 2020 in the example below).
I found that, providing you have an account in a particular system that is in /etc/sudoers and its entry is ALL=(ALL), you can execute every command with sudo. Having said that, we can use less with sudo to list, say, some log file in /var/log:
sudo less /var/log/<some log file here>
Once it is listed, we might type !sh
inside less, which will give us a root console. To the best of my knowledge, this is a post-exploitation technique known as shell escaping.
My question is: what's the point of escaping the shell, since my account already has the capability to run commands with sudo? I mean, isn't this the same? Does receiving this root shell inside the less command give me any more privileges that I can use to further compromise a system? And if it does, can we say in /etc/sudoers that my account can execute all commands except less, for instance?
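The last part of the question (excluding one command from an otherwise unrestricted sudo grant) is the part a practitioner is most likely to get wrong, so here is an added example that is not part of the original post. sudoers(5) does accept a negation such as `ALL, !/usr/bin/less`, but its own "Preventing shell escapes" section warns that this is not effective: the user can copy `/usr/bin/less` to another path (or rename it) and run the copy with sudo. The supported mitigations are either granting only specific commands instead of ALL, or tagging the rule with `NOEXEC`, which stops a dynamically linked program such as less from executing anything else (the `!sh` escape then fails). The script below is a small audit over a constructed sudoers fragment (not a real host's file; the user names are assumptions) that flags both patterns: negation-based exclusions, and rules granting ALL without NOEXEC.

```shell
#!/bin/sh
# Added example, not from the original post: audit a sudoers fragment for
# two patterns that do not stop shell escapes.
#   1. "ALL, !/path/cmd" exclusions: bypassable by copying the binary to
#      another path and running that copy with sudo (see sudoers(5)).
#   2. "ALL" grants without the NOEXEC tag: a pager or editor run via sudo
#      can spawn a root shell (e.g. "!sh" inside less).
# NOEXEC only protects dynamically linked programs, so it is a mitigation
# for the less case, not a general substitute for a narrow command list.

# Constructed sample sudoers lines. User names and rules are made up for
# illustration; "bob" shows the NOEXEC form that actually blocks the escape.
SAMPLE_SUDOERS='# constructed sample, not a real /etc/sudoers
root    ALL=(ALL)       ALL
alice   ALL=(ALL)       ALL, !/usr/bin/less
bob     ALL=(ALL)       NOEXEC: /usr/bin/less
carol   ALL=(ALL)       NOPASSWD: ALL
'

# Print each user whose command list contains a "!" exclusion after a
# broader grant. Such rules are cosmetic: the excluded path can be copied.
find_negation_rules() {
    printf '%s' "$SAMPLE_SUDOERS" | awk '
        /^#/ || NF == 0 { next }
        /, *!/ { print $1 }'
}

# Print each user granted "ALL" commands without the NOEXEC tag. The
# "user HOST=(RUNAS)" prefix is stripped so only the command list is scanned.
find_all_without_noexec() {
    printf '%s' "$SAMPLE_SUDOERS" | awk '
        /^#/ || NF == 0 { next }
        {
            cmds = $0
            sub(/^[^)]*\) */, "", cmds)   # drop "user HOST=(RUNAS) "
            if (cmds ~ /NOEXEC:/) next
            n = split(cmds, toks, /[ ,]+/)
            for (i = 1; i <= n; i++) {
                if (toks[i] == "ALL") { print $1; break }
            }
        }'
}

# Report when run directly.
echo "Rules relying on '!' exclusion (bypassable):"
find_negation_rules
echo "Rules granting ALL without NOEXEC (shell escape inherits root):"
find_all_without_noexec
```

On the sample above the first check reports `alice`, and the second reports `root`, `alice` and `carol`; `bob` passes both because the rule is both narrow and NOEXEC-tagged. To apply this to a real host, replace the embedded sample with `visudo -cf` validated output or the contents of `/etc/sudoers` and `/etc/sudoers.d/*`.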