journalctl + less
As identified previously, the david user has a sudo command configured to execute journalctl, which could be abused for gaining higher privileges
All that is required is to input !/bin/sh within the less pager
System Level Compromise