[Pkg-shadow-devel] Bug#611584: /bin/su: not quite aggressive enough about cleaning the environment
Zack Weinberg
zackw at panix.com
Sun Jan 30 22:52:33 UTC 2011
Package: login
Version: 1:4.1.4.2+svn3283-2
Severity: normal
File: /bin/su
"su -" is supposed to produce the same set of environment variables that you'd
get if the destination user had logged in directly, but it misses at least a
few variables that should be unset:
$ su - root -c printenv | sort
Password:
COLORTERM=gnome-terminal
DISPLAY=:0.0
HOME=/root
LANG=en_US.UTF-8
LOGNAME=root
MAIL=/var/mail/root
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/root
SHELL=/bin/bash
SHLVL=1
TERM=xterm
USER=root
_=/usr/bin/printenv
XAUTHORITY=/home/zack/.Xauthority
XDG_SESSION_COOKIE=27046b7f861957572ca0690800001f42-1296427797.583592-1983986059
DISPLAY, XAUTHORITY, and XDG_SESSION_COOKIE should not be set in the
subsidiary shell. There may well be others -- this is just what I get
from my own environment.
(If you want to be able to do "su gui-command" and have it open up a window
on your screen, you shouldn't be using "-" mode. This is one reason why
non-"-" mode exists.)
-- System Information:
Debian Release: 6.0
APT prefers unstable
APT policy: (500, 'unstable'), (101, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.37-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages login depends on:
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libpam-modules 1.1.1-6.1 Pluggable Authentication Modules f
ii libpam-runtime 1.1.1-6.1 Runtime support for the PAM librar
ii libpam0g 1.1.1-6.1 Pluggable Authentication Modules l
login recommends no packages.
login suggests no packages.
-- no debconf information
More information about the Pkg-shadow-devel
mailing list