Bug#155279: [Pkg-shadow-devel] Bug#155279: Bugs #155279: Should "su -" get environment from /etc/environment?

Alexander Gattin <arg@online.com.ua>, 155279@bugs.debian.org
Wed, 6 Apr 2005 23:48:25 +0300


Hi!

On Wed, Apr 06, 2005 at 07:44:29PM +0200, Christian Perrier wrote:
> Please read http://bugs.debian.org/155279 for the whole story.

And also bug #287108, although they are _different_.
But related very closely.

> In short, this bug requests that "auth required pam_env.so" is added
> to /etc/pam.d/su so that the contents of /etc/environment are used when
> issuing a "su -" to become root.
> 
> OTOH, doing so will lead to "su" getting env variables from that file
> too and thus breaking the expected behaviour (keeping the originating
> user environment).

There are two grave :) errors in the above:

1) after uncommenting "auth required pam_env.so" line
   in /etc/pam.d/su the contents of /etc/environment
   won't be used anyway due to #287108 (fixed in
   upstream)
2) those who wrote su.c were far from stupid, ;) and
   considered the problem a long time ago. Thus su.c
   simply contains "environment handling" (EH) code which
   does not import environment from "PAM env space" (PES)
   when running without dash.

   From what I saw, all pam modules, including pam_env,
   operate on environment variables _only_ in PES and
   not on env space of calling process directly.

> So, we (shadow package maintainers) cannot blindly add the offending
> line to the /etc/pam.d/su file.

Of course we can. I have used it for several years and
execute both 'su' and 'su -' without any problems.
:))

> One suggestion in the bug log is a modification to su code so that it
> I think we really need some external advice here, but I want first to
> have other team members' advice, as well as the bug submitter's opinion.

I have _many_ thoughts on the subject ;) but _little_
time :( to discuss them extensively.

I'll try to report everything related here, but this
won't just happen quickly.

P.S. please correct me if I'm wrong somewhere.
Ask if/where I was unclear too.
-- 
WBR,
xrgtn
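
Added example, not part of the original message and not code from shadow's su.c: a small model of the separation described in point 2, where PAM modules write only to the PAM env space (the list an application reads back with pam_getenvlist()) and su decides whether to import it. The function names, the sample variables, and the rule that "su -" starts from an empty environment before importing are assumptions of this model.

```c
/* Model of the behaviour described above; not shadow's su.c. All names are hypothetical. */
#include <stdio.h>
#include <string.h>
#define MAX_ENV 32

/* Constructed sample data: caller's environment and a PAM env space as pam_env might fill it. */
static const char *const CALLER_ENV[] = {"PATH=/home/user/bin:/usr/bin", "EDITOR=vi", NULL};
static const char *const PAM_ENV[] = {"PATH=/usr/sbin:/usr/bin", "LANG=en_US.UTF-8", NULL};

/* Look up NAME in a NULL-terminated NAME=value list; NULL if unset. */
const char *env_get(const char *const env[], const char *name) {
    size_t len = strlen(name);
    for (int i = 0; env[i]; i++)
        if (strncmp(env[i], name, len) == 0 && env[i][len] == '=')
            return env[i] + len + 1;
    return NULL;
}

/* Add or overwrite one NAME=value entry, keeping the list NULL-terminated. */
static void env_put(const char *env[], const char *kv) {
    size_t len = strcspn(kv, "=");
    int i = 0;
    while (env[i] && !(strncmp(env[i], kv, len) == 0 && env[i][len] == '=')) i++;
    if (i >= MAX_ENV - 1) return;      /* list full: drop the entry */
    if (!env[i]) env[i + 1] = NULL;    /* appending: move the terminator */
    env[i] = kv;
}

/* Model assumption: without the dash the caller's environment is kept and the
 * PAM env space is never read; with the dash we start empty and import it. */
void build_child_env(const char *out[], const char *const caller[],
                     const char *const pam_env[], int login_shell) {
    const char *const *src = login_shell ? pam_env : caller;
    out[0] = NULL;
    for (int i = 0; src[i]; i++)
        env_put(out, src[i]);
}

/* Value of NAME as the target shell would see it, or NULL if unset. */
const char *child_var(int login_shell, const char *name) {
    const char *env[MAX_ENV];
    build_child_env(env, CALLER_ENV, PAM_ENV, login_shell);
    return env_get(env, name);
}

int main(void) {
    printf("su   PATH=%s\nsu - PATH=%s\n", child_var(0, "PATH"), child_var(1, "PATH"));
    return 0;
}
```

In this model, enabling pam_env changes nothing for plain "su", because the values it sets never leave the PAM env space unless the caller imports them.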