Bug#512803: Why is su preserving the environment?
Josselin Mouette
joss at debian.org
Sat Jan 24 09:07:38 UTC 2009
On Saturday, 24 January 2009 at 09:04 +0100, Reinhard Tartler wrote:
> the latter command indeed prunes the environment, and calling
>
> su -c gnome-terminal -
>
> successfully fails (heh) with failing to open a display. What's the
> problem here?

"su -" is actually pruning the environment as it starts a login shell.
This should be slightly orthogonal to preserving the environment.
Actually, "su -p -" *does* preserve it. When not starting a login shell,
the -p option actually does nothing (and the documentation doesn’t
mention this).

I think Steve has a point, and as he explains, this is not a big
security issue; however it is breaking the expectations you have when
logging in as another user. For example, it is not expected that starting
an application as the other user will re-use the running one, and it is
not expected that accessing the GNOME keyring will show the passwords of
the original user.
--
.''`.
: :' : We are debian.org. Lower your prices, surrender your code.
`. `' We will add your hardware and software distinctiveness to
`- our own. Resistance is futile.
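
Added example, not part of the original message: a shell check that compares an environment dump taken in the original session with one taken after switching user, and lists the session-bound variables that carried over unchanged. Those are the bindings that let a program started as the other user reach the first user's running applications and keyring. The variable list, the user names alice and bob, the file names and all sample values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Variables that tie a process to one user's desktop session.
# Assumed list for this example; adjust for the desktop in use.
SESSION_VARS='DISPLAY XAUTHORITY DBUS_SESSION_BUS_ADDRESS GNOME_KEYRING_SOCKET SSH_AUTH_SOCK SESSION_MANAGER'

# value_of NAME FILE: print NAME's value from a file of NAME=value lines.
value_of() {
    sed -n "s/^$1=//p" "$2" | head -n 1
}

# carried_over BEFORE AFTER: print each session variable that is set in
# BEFORE and has the identical value in AFTER, i.e. survived the switch.
carried_over() {
    for v in $SESSION_VARS; do
        before=$(value_of "$v" "$1")
        after=$(value_of "$v" "$2")
        if [ -n "$before" ] && [ "$before" = "$after" ]; then
            printf '%s\n' "$v"
        fi
    done
}

# write_samples DIR: constructed dumps (all values made up) of alice's
# session, a shell reached without a login shell, and one reached with it.
write_samples() {
    cat > "$1/alice.env" <<'EOF'
USER=alice
HOME=/home/alice
DISPLAY=:0.0
XAUTHORITY=/home/alice/.Xauthority
DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-EXAMPLE,guid=0000
GNOME_KEYRING_SOCKET=/tmp/keyring-EXAMPLE/socket
EOF
    sed -e 's/^USER=.*/USER=bob/' -e 's|^HOME=.*|HOME=/home/bob|' \
        "$1/alice.env" > "$1/bob-nologin.env"
    printf 'USER=bob\nHOME=/home/bob\nPATH=/usr/bin:/bin\n' > "$1/bob-login.env"
}

dir=$(mktemp -d)
write_samples "$dir"
echo "not a login shell:"; carried_over "$dir/alice.env" "$dir/bob-nologin.env"
echo "login shell:";       carried_over "$dir/alice.env" "$dir/bob-login.env"
rm -rf "$dir"
```

On a live system the two dumps can be taken from the `env` output of each shell; any name printed for the non-login case is a handle on the original user's session that the new user's processes inherit.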