[Pkg-shadow-devel] Why is su preserving the environment?
joss at debian.org
Sat Jan 24 09:07:38 UTC 2009
Le samedi 24 janvier 2009 à 09:04 +0100, Reinhard Tartler a écrit :
> the latter command indeed prunes the environment, and calling
> su -c gnome-terminal -
> sucessfully fails (heh) with failing to open a display. whats the
> problem here?
"su -" is actually pruning the environment as it starts a login shell.
This should be slightly orthogonal to preserving the environment.
Actually, "su -p -" *does* preserve it. When not starting a login shell,
the -p option does actually nothing (and the documentation doesn’t
I think Steve has a point, and as he explains, this is not a big
security issue; however it is breaking the expectations you have when
logging as another user. For example, it is not expected that starting
an application as the other user will re-use the running one, and it is
not expected that accessing the GNOME keyring will show the passwords of
the original user.
: :' : We are debian.org. Lower your prices, surrender your code.
`. `' We will add your hardware and software distinctiveness to
`- our own. Resistance is futile.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: Ceci est une partie de message
Url : http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20090124/c34e60a4/attachment.pgp
More information about the Pkg-shadow-devel